[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Selfmade worms in the wild ;)

To: Redaktion-Kryptocrew <momolly@kryptocrew.de>
Subject: Re: [Full-Disclosure] Selfmade worms in the wild ;)
From: knitti <knitti@t-base71.no-ip.org>
Date: Sat, 30 Aug 2003 03:17:16 +0200


more fun:

why didn't you try:
<http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E>

i think one can pass almost any xss there

(citing http://www.trendmicro.com/en/about/profile/overview.htm :
  "Trend Micro Incorporated is a global leader in antivirus and Internet
  content security software and services....")

do they test their "internet content security software" on their own
pages?


greetz
knitti



> Attention, that's joke-trash:

> http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55745&VName=WORM_MSBLAST.G
> http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.Z


> You can change id's and names...


> -mo-
> --
> ======================================================================

> G.P
> Online-Redaktion

> ===============================

> Kryptocrew
> .: your security advisor team :.           mailto:momolly@kryptocrew.de

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Selfmade worms in the wild ;)
  - From: Redaktion-Kryptocrew <momolly@kryptocrew.de>

Prev by Date: [Full-Disclosure] The Jeffrey Parson criminal complaint is online
Next by Date: [Full-Disclosure] Lets discuss, Firewalls...
Prev by thread: [Full-Disclosure] Selfmade worms in the wild ;)
Next by thread: Re: [Full-Disclosure] Selfmade worms in the wild ;)
Index(es):
- Date
- Thread