Re: [Full-disclosure] MBT Xss vulnerability

From: Stan Bubrouski <stan.bubrouski@xxxxxxxxx>
Date: Fri, 20 Jan 2006 13:31:33 -0500

Well I'm not going to talk about how XSS is useless because we all
know it can be quite a serious problem. I think, and I don't know the
guy so I can't be sure, the original dissenter to this post was
pointing out that:
What would you phish from a site that doesn't have any forms anyways?
What would stealing a session cookie get you if the only dynamic
content is a search function?

I'm not saying XSS isn't important, I'm just wondering why this case is?

-sb

On 1/20/06, Jerome Athias <jerome.athias@xxxxxxx> wrote:
> Hey guy, do you know something about XSS
> 1) Phishing?
> 2) encoded URL, UTF8...?
> 3) cookie steal?
> ...
>
> it'll not be difficult to reproduce a website and have an url difficult
> to understand for a basic user...
> sure it's harder to spoof the url in the browser...
> //
>
> Native.Code a écrit :
> > What a lame vulnerability it is. If your POC redirects to another site
> > (which is not MBT site), how someone will become victim and believe that
> > he/she is doing business with MBT?
> >
> > Your post is yet another proof that FD is more and more inhibited by scipt
> > kiddies. Get a life!
> >
>
>
> ---------------------------------------------------------------------------------------------------------
> About FD:
> "Speech is silver, but silence is gold"
>
>
> /JA
> /https://www.securinfos.info/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] MBT Xss vulnerability
  - From: Stan Bubrouski

References:
- [Full-disclosure] MBT Xss vulnerability
  - From: MuNNa
- Re: [Full-disclosure] MBT Xss vulnerability
  - From: Native.Code
- Re: [Full-disclosure] MBT Xss vulnerability
  - From: Jerome Athias

Prev by Date: Re: [Full-disclosure] MBT Xss vulnerability
Next by Date: Re: [Full-disclosure] Re: Re: PC Firewall Choices
Previous by thread: Re: [Full-disclosure] MBT Xss vulnerability
Next by thread: Re: [Full-disclosure] MBT Xss vulnerability
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] Month of ActiveX Bug
... [Full-disclosure] Month of ActiveX Bug ... Even XSS bugs in open source perl webmail apps. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Gmail 0day
... Blackhat SEO XSS ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... Full-Disclosure - We believe in xss. ...
(Full-Disclosure)
=?KOI8-R?Q?Re:_[Full-disclosure]_XSS_at_msn.com_=C9_cisco.com?=
... It looks like I have:) See my next message "XSS at nsa.gov" or just visit ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Re: XSS at Netcraft.com
... XSS still exists. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
RE: [Full-disclosure] Not even the NSA can get it right
... What would XSS on NSA.GOV get a hacker anyways? ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)