[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting

To: InfoSecBOFH <infosecbofh@xxxxxxxxx>
Subject: Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting
From: Moritz Naumann <security@xxxxxxxxxxxxxxxxxx>
Date: Thu, 24 Nov 2005 18:04:22 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

InfoSecBOFH schrieb:
> Cool... so give me a real world attack scenario with this....

How to inject arbitrary client side code into this application using
this vulnerability is explained in the advisory. Web links to additional
sources explaining XSS are provided, too.

I do not think there is a requirement to provide proof that a
vulnerability is exploitable to publish it. At least, I can't find this
on the Full Disclosure charter.

If you need more information on this vulnerability, I propose you
aggregate it yourself, hire us or convince me to provide it for free.

Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDhfKWn6GkvSd/BgwRAjgoAJ0ctvWyFsC3C3fKCWGtPy4LNua5hQCeOIj/
G3ihCWhGUciVfT689HzzP+Y=
=kO8I
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting
  - From: Moritz Naumann
- Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting
  - From: Moritz Naumann
- Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting
  - From: InfoSecBOFH

Prev by Date: Re: [Full-disclosure] Re: FD list
Next by Date: Re: [Full-disclosure] Re: FD list
Previous by thread: Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting
Next by thread: [Full-disclosure] OTRS 1.x/2.x Multiple Security Issues
Index(es):
- Date
- Thread