RE: [Full-Disclosure] home land tracker software

From: Logan5 (Logan5_at_Logan5.com)
Date: 02/06/04

  • Next message: Stefan Esser: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
    To: "'Logan5'" <Logan5@Logan5.com>, <full-disclosure@lists.netsys.com>
    Date: Fri, 6 Feb 2004 15:22:27 -0600
    
    

    Correction:

    <script>alert('doh!')</script>

    -L5

    -----Original Message-----
    From: Logan5 [mailto:Logan5@Logan5.com]
    Sent: Friday, February 06, 2004 3:07 PM
    To: 'full-disclosure@lists.netsys.com'
    Subject: RE: [Full-Disclosure] home land tracker software

    LOL

    The NAMECHECK dialog is succeptable to XSS. Enter the following into
    any of the fields:

    <script>alert('secured!')</alert>

    -L5

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Exibar
    Sent: Friday, February 06, 2004 2:04 PM
    To: DAN MORRILL; full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] home land tracker software

    hrumph.... I just tried about a dozen maybe two dozen names and none
    produced matches. Their database can't be that big :-)

     William Gates
     George W. Bush

     were two names that I thought for sure would pop up "something" at
    least..... anyone find a name that actually displays information?

     Ex

    ----- Original Message -----
    From: "DAN MORRILL" <dan_20407@msn.com>
    To: <full-disclosure@lists.netsys.com>
    Sent: Friday, February 06, 2004 1:52 PM
    Subject: [Full-Disclosure] home land tracker software

    > http://www.ofaccompliance.com/
    >
    > anyone want to debate the ethics of this and the US Patriot act and
    > how to secure the system when it is in use or misuse? You can check
    > our own name
    at
    > the web site, as well as more popular folks. As an information
    > security person, this worries me. Both from a compliance issue
    > (corporate) and on a personal issue.
    >
    > Additional reading US Patriot act, section 326.
    >
    > All information security related ideas welcome, flames to
    > /dev/null/blackhole/no-read-access
    >
    > My question is : what were they thinking?
    >
    >
    > r/
    > Dan
    >
    > _________________________________________________________________
    > Find great local high-speed Internet access value at the MSN
    > High-Speed Marketplace.
    > http://click.atdmt.com/AVE/go/onm00200360ave/direct/01/
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Stefan Esser: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"