[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
From: James Greenhalgh <james.greenhalgh@xxxxxxxxxxxx>
Date: 16 Sep 2003 16:25:40 +0100

On Tue, 2003-09-16 at 14:40, Jedi/Sector One wrote:
> On Mon, Sep 15, 2003 at 08:35:43PM -0700, xss_slut@xxxxxxxxxxxx wrote:
> > with a XSS bug, this works in IE:
> > Other less exciting versions of this XSS:
> > http://sitefinder.verisign.com/lpc?url=meow'><script>alert(document.cookie)</script><'
> 
>   Did you _at least_ tell Verisign about this before posting this?

Verisign didn't _at least_ tell people before they put a dumbass wildcard
entry into the domains.  They didn't _at least_ tell me when they 
transferred control over a domain of mine to some random unknown
company, to a member of staff who has left the face of the earth.

They deserve everything they get.

-- 
James Greenhalgh <james.greenhalgh@xxxxxxxxxxxx>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: xss_slut
- Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: Jedi/Sector One

Prev by Date: Re: [Full-Disclosure] The lowdown on SSH vulnerability
Next by Date: Re: [Full-Disclosure] openssh remote exploit
Previous by thread: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
Next by thread: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
Index(es):
- Date
- Thread