Re: Cross site scripting @verisign.com and @cybercash.com

From: kristalaz (kristalaz@tdd.lt)
Date: 04/22/02


From: "kristalaz" <kristalaz@tdd.lt>
To: "KF" <dotslash@snosoft.com>, <websitesupport@verisign.com>, <support@verisign.com>, <recon@snosoft.com>, <vuln-dev@security-focus.com>, <bugtraq@security-focus.com>
Date: Mon, 22 Apr 2002 13:59:44 +0200

I don't think that this is a bug in their servers, because if you try writing
"about:<script>alert('hi')</script>" in your address bar in IE >4.0, you
will see that it's an IE bug, because this site is generated by the browser.
------
kristalaz
kristalaz@yahoo.com
http://linux.tinkle.lt
