Full Disclosure mailing list archives
Re: Global *.net XSS, thank you Verisign(TM)
From: Jedi/Sector One <j () pureftpd org>
Date: Tue, 16 Sep 2003 15:40:33 +0200
On Mon, Sep 15, 2003 at 08:35:43PM -0700, xss_slut () hushmail com wrote:
with a XSS bug, this works in IE: Other less exciting versions of this XSS: http://sitefinder.verisign.com/lpc?url=meow'><script>alert(document.cookie)</script><'
Did you _at least_ tell Verisign about this before posting this?
I mailed them about the exact same vuln yesterday and still got no answer
yet, so I guess you didn't care about letting them some time to actully know
about the flaw before posting this to full-disclosure.
Bad boy.
--
Let internet explore your host
http://www.pivx.com/larholm/unpatched/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Global *.net XSS, thank you Verisign(TM) xss_slut (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Jedi/Sector One (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) James Greenhalgh (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Paul Holman (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) J.A. Terranson (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- Re: Global *.net XSS, thank you Verisign(TM) Marc Slemko (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- RE: Global *.net XSS, thank you Verisign(TM) Richard M. Smith (Sep 16)
- RE: Global *.net XSS, thank you Verisign(TM) tadpole-boy (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Scott Manley (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Jedi/Sector One (Sep 16)