[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] excessive xss vulnerabilities

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] excessive xss vulnerabilities
From: n3td3v <n3td3v@xxxxxxxxx>
Date: Tue, 9 May 2006 01:08:08 +0100

On 5/9/06, Christian Swartzbaugh <feofil@xxxxxxxxx> wrote:

there is a high volume of xss vulnerabilities on this list. take the next
step to disclose why xss important for the affected program. for instance,
creating a test case that does something privileged or malicious towards a
visitor. in attempting to create a keystroke logger in javascript i've found
it drops random keystrokes (i think its a speed problem). and i would be
interested in seeing more malicious javascript.

again please justify why xss is valuable in disclosures of these
vulnerabilties
even if its just a cookie stealer, please show why an attacker would want
those cookies or how he/she could use them to create a security issue.

thanks
feofil



Xtra Sex Sex The Planet!       ;-)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] excessive xss vulnerabilities
  - From: Christian Swartzbaugh

Prev by Date: [Full-disclosure] excessive xss vulnerabilities
Next by Date: Re: [Full-disclosure] IE7 Zero Day
Previous by thread: [Full-disclosure] excessive xss vulnerabilities
Next by thread: RE: [Full-disclosure] excessive xss vulnerabilities
Index(es):
- Date
- Thread