[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Re: micosoft.com xss

To: penetrator@xxxxxxxxxx
Subject: Re: [Full-disclosure] Re: micosoft.com xss
From: "Thomas Pollet" <thomas.pollet@xxxxxxxxx>
Date: Tue, 8 Aug 2006 10:18:56 +0200

On 08/08/06, Mad World <penetrator@xxxxxxxxxx> wrote:


Why do you need it ?
You already discovered xss, the rest of "job" is just matter of technique.
I think majority of xss submitters here could do it by various means.
M$ is lost in its own complexity of how to do simple things.

If you could ever give me reasonable answer for why do you need this $hit
- I could give you the "rest", like others could.

I doubt you actually tried getting js executed on page load (for some reason
they try to prevent xss in a number of ways).
I did try and didn't succeed, that's why I ask.

Greets,
Thomas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Re: micosoft.com xss
  - From: Mad World

Prev by Date: [Full-disclosure] Re: AOL data being mirrored everywhere
Next by Date: [Full-disclosure] microsoft.com xss #2
Previous by thread: Re: [Full-disclosure] Re: micosoft.com xss
Next by thread: Re: [Full-disclosure] Re: micosoft.com xss
Index(es):
- Date
- Thread