[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] excessive xss vulnerabilities

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] excessive xss vulnerabilities
From: "Edward Pearson" <Ed@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 9 May 2006 09:33:02 +0100

Interesting, a JS keylogger! You should use XMLHTTP to post the info...

________________________________

From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of
Christian Swartzbaugh
Sent: 09 May 2006 00:35
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] excessive xss vulnerabilities

there is a high volume of xss vulnerabilities on this list. take the
next step to disclose why xss important for the affected program. for
instance, creating a test case that does something privileged or
malicious towards a visitor. in attempting to create a keystroke logger
in javascript i've found it drops random keystrokes (i think its a speed
problem). and i would be interested in seeing more malicious javascript.

again please justify why xss is valuable in disclosures of these
vulnerabilties
even if its just a cookie stealer, please show why an attacker would
want those cookies or how he/she could use them to create a security
issue. 

thanks
feofil

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] excessive xss vulnerabilities
  - From: bugtraq

Prev by Date: [Full-disclosure] Security Events Google Calendar
Next by Date: [Full-disclosure] [SECURITY] [DSA 1053-1] New Mozilla packages fix arbitrary code execution
Previous by thread: Re: [Full-disclosure] excessive xss vulnerabilities
Next by thread: Re: [Full-disclosure] excessive xss vulnerabilities
Index(es):
- Date
- Thread