[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [0 Day] XSS Persistent in Blogspot of Google
- To: elfius@xxxxxxxxx
- Subject: Re: [Full-disclosure] [0 Day] XSS Persistent in Blogspot of Google
- From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Date: Sun, 27 Jan 2013 11:17:51 -0800
>
> OGMMM WTFF 0DAY XSS
> Sorry, getting a bit tired of these.
Well, the world is changing. You can probably do a lot more direct damage
with a (legit) XSS in a high-value site than with a local privilege
escalation in sudo.
XSS reports are less actionable for the average reader, but full disclosure
is probably still beneficial, in that it provides data points about the
types of flaws a particular vendor happens to have, and the speed and
quality of the deployed fixes.
Of course, many of the XSS reports in knorr.com and similarly exciting
destinations are zzzzzzzzzz...
/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/