[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Serious Yahoo bug discovered. Researchers rewarded with $12.50
- To: Benji <me@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Serious Yahoo bug discovered. Researchers rewarded with $12.50
- From: coderman <coderman@xxxxxxxxx>
- Date: Thu, 3 Oct 2013 05:19:27 -0700
On Thu, Oct 3, 2013 at 3:21 AM, coderman <coderman@xxxxxxxxx> wrote:
>... i would pay money to never read about lame XSS on this list again...
ok, lame is too harsh; inaccurate. as part of a larger campaign of
pwn, XSS can play part in a pandemic pounding of target host or
network.
better to say "routine XSS", which XSS certainly is.
E.g.
"...we built a total of 181,238 unique exploit test cases,... these
[test cases] we were able to trigger our reporting function 69,987
times... [and] that the exploits triggered 8,163 unique
vulnerabilities."
http://ben-stock.de/2013/09/summary-of-our-ccs-paper-on-dom-based-xss/
i've read 2,261 threads discussing XSS on this list.
do we really need to discuss the remaining thousands?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/