[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
From: Jedi/Sector One <j@xxxxxxxxxxxx>
Date: Tue, 16 Sep 2003 15:40:33 +0200

On Mon, Sep 15, 2003 at 08:35:43PM -0700, xss_slut@xxxxxxxxxxxx wrote:
> with a XSS bug, this works in IE:
> Other less exciting versions of this XSS:
> http://sitefinder.verisign.com/lpc?url=meow'><script>alert(document.cookie)</script><'

  Did you _at least_ tell Verisign about this before posting this?

  I mailed them about the exact same vuln yesterday and still got no answer
yet, so I guess you didn't care about letting them some time to actully know
about the flaw before posting this to full-disclosure.

  Bad boy.

-- 
                       Let internet explore your host
                    http://www.pivx.com/larholm/unpatched/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: James Greenhalgh
- Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: Paul Holman
- Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: J.A. Terranson
- Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: morning_wood

References:
- [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: xss_slut

Prev by Date: Re: [Full-Disclosure] openssh remote exploit
Next by Date: Re: [Full-Disclosure] new ssh exploit?
Previous by thread: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
Next by thread: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
Index(es):
- Date
- Thread