[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] MBT Xss vulnerability

To: "Native.Code" <native.code@xxxxxxxxx>
Subject: Re: [Full-disclosure] MBT Xss vulnerability
From: Jerome Athias <jerome.athias@xxxxxxx>
Date: Fri, 20 Jan 2006 19:11:41 +0100

Hey guy, do you know something about XSS
1) Phishing?
2) encoded URL, UTF8...?
3) cookie steal?
...

it'll not be difficult to reproduce a website and have an url difficult
to understand for a basic user...
sure it's harder to spoof the url in the browser...
//

Native.Code a écrit :
> What a lame vulnerability it is. If your POC redirects to another site
> (which is not MBT site), how someone will become victim and believe that
> he/she is doing business with MBT?
>
> Your post is yet another proof that FD is more and more inhibited by scipt
> kiddies. Get a life!
>   


---------------------------------------------------------------------------------------------------------
About FD:
"Speech is silver, but silence is gold"


/JA
/https://www.securinfos.info/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] MBT Xss vulnerability
  - From: Stan Bubrouski

References:
- [Full-disclosure] MBT Xss vulnerability
  - From: MuNNa
- Re: [Full-disclosure] MBT Xss vulnerability
  - From: Native.Code

Prev by Date: Re: [Full-disclosure] Possible large botnet
Next by Date: Re: [Full-disclosure] MBT Xss vulnerability
Previous by thread: Re: [Full-disclosure] MBT Xss vulnerability
Next by thread: Re: [Full-disclosure] MBT Xss vulnerability
Index(es):
- Date
- Thread