On Fri, 18 Apr 2008 11:01:26 EDT, Joey Mengele said: > I believe you are missing something. XSS is merely a type of > vulnerability. It is very common for an XSS payload to include a > DDoS component. If you had done your research before retorting you > would have known this. Yes, but although we have evidence that a DDoS of some sort is underway, we have *ZERO*, *ZIP*, *ZILTCH*, *GOOSE-EGG* indication that an XSS was involved. For all you know, it was an iframe injection into clients that visited a compromised webserver that downloaded the DDoS tool. Sounds more like a "textbook case of calling it an XSS because when you only have a hammer everything looks like a nail".
Attachment:
pgpXgjSVUtbpE.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/