[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] BLOGGER XSS VULNERABILITY

To: "Valdis.Kletnieks@xxxxxx" <Valdis.Kletnieks@xxxxxx>
Subject: Re: [Full-disclosure] BLOGGER XSS VULNERABILITY
From: "Harry Muchow" <wonderfulandromeda@xxxxxxxxx>
Date: Mon, 13 Aug 2007 23:19:26 +0530

Comments do not allow javascript. Safe!!!

On 8/13/07, Valdis.Kletnieks@xxxxxx <Valdis.Kletnieks@xxxxxx> wrote:
> On Sun, 12 Aug 2007 21:41:05 +0530, Susam Pal said:
>
> > But I am the only one who is inserting the JavaScript in my blog. So,
> > I'll end up stealing the cookies set for my domain. Why would I steal
> > cookies set for my domain? I already know them because it is my website.
>
> Obviously, your blog doesn't allow any users to comment...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] BLOGGER XSS VULNERABILITY
  - From: Daniele Costa
- Re: [Full-disclosure] BLOGGER XSS VULNERABILITY
  - From: Susam Pal
- Re: [Full-disclosure] BLOGGER XSS VULNERABILITY
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] Breakpoint Security Conference Registration Now Open
Next by Date: [Full-disclosure] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)
Previous by thread: Re: [Full-disclosure] BLOGGER XSS VULNERABILITY
Next by thread: [Full-disclosure] Facebook Homepage Source Code Probably Leaked
Index(es):
- Date
- Thread