On Wed, 25 Mar 2009 15:21:42 BST, Lorenzo Vogelsang said: > Despite i've told to nvidia only the "url redirection" flaw i think > that, if "url redirection" will be solved all the xss inherently > vulnerabilites will be solved too. Actual experience in the field has shown that in general, if you report a URL redirection issue to the maintainers of a website, a large percentage of the time they will *only* fix the problem with URL redirection, unless you make it clear to them *and they understand* that the URL redirection is only one symptom of a larger XSS issue. I'll give it a 50-50 chance that somebody will get to send NVidia an email saying "Good, you fixed the URL problem. Now about that XSS...."
Attachment:
pgpK95acqtsFM.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/