Re: [Full-disclosure] informative...



On Wednesday 29 August 2007, Fabio Pietrosanti (naif) wrote:

http://seclists.org/fulldisclosure/2007/Jul/0504.html
comments?

Hi Fabio,

I fully agree with you, but I have less trouble than you speaking about this
type of vulnerability after reporting the XSS to the owner.
If nobody replies to me after a reasonable time, I consider my work finished and
I feel free to talk about anything, in the spirit of full-disclosure.

If someone wants to publish "0day" XSS without reporting it to the owner, it's not
my problem!

Regards,
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


