[Full-disclosure] excessive xss vulnerabilities
- From: "Christian Swartzbaugh" <feofil@xxxxxxxxx>
- Date: Mon, 8 May 2006 16:35:22 -0700
there is a high volume of xss vulnerabilities on this list. take the next
step to disclose why xss important for the affected program. for instance,
creating a test case that does something privileged or malicious towards a
visitor. in attempting to create a keystroke logger in javascript i've found
it drops random keystrokes (i think its a speed problem). and i would be
interested in seeing more malicious javascript.
again please justify why xss is valuable in disclosures of these
vulnerabilties
even if its just a cookie stealer, please show why an attacker would want
those cookies or how he/she could use them to create a security issue.
thanks
feofil
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] excessive xss vulnerabilities
- From: n3td3v
- Re: [Full-disclosure] excessive xss vulnerabilities
- Prev by Date: [Full-disclosure] Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games
- Next by Date: Re: [Full-disclosure] excessive xss vulnerabilities
- Previous by thread: [Full-disclosure] Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games
- Next by thread: Re: [Full-disclosure] excessive xss vulnerabilities
- Index(es):
Relevant Pages
|
