[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] on xss and its technical merit

To: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] on xss and its technical merit
From: "Fredrick Diggle" <fdiggle@xxxxxxxxx>
Date: Thu, 13 Dec 2007 12:58:33 -0600

WRONG! Once again xss is not the exploit it is just the delivery mechanism.
You aren't doing anything here that you couldn't also do by posting the
exploit on your damn live journal right next to the paris hilton video.

Did you end up paying damages?

YAY!

On Dec 13, 2007 11:46 AM, Morning Wood <se_cur_ity@xxxxxxxxxxx> wrote:

> 4. use xss to IFRAME or otherwise leverage a client exploit
>
> imho this is by far worse than any of the other vectors mentioned
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] on xss and its technical merit
  - From: Fredrick Diggle
- Re: [Full-disclosure] on xss and its technical merit
  - From: Morning Wood

Prev by Date: Re: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass
Next by Date: [Full-disclosure] Small Design Bug in Postfix - REMOTE
Previous by thread: Re: [Full-disclosure] on xss and its technical merit
Next by thread: Re: [Full-disclosure] on xss and its technical merit
Index(es):
- Date
- Thread