Full Disclosure mailing list archives
excessive xss vulnerabilities
From: "Christian Swartzbaugh" <feofil () gmail com>
Date: Mon, 8 May 2006 16:35:22 -0700
there is a high volume of xss vulnerabilities on this list. take the next step to disclose why xss important for the affected program. for instance, creating a test case that does something privileged or malicious towards a visitor. in attempting to create a keystroke logger in javascript i've found it drops random keystrokes (i think its a speed problem). and i would be interested in seeing more malicious javascript. again please justify why xss is valuable in disclosures of these vulnerabilties even if its just a cookie stealer, please show why an attacker would want those cookies or how he/she could use them to create a security issue. thanks feofil
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- excessive xss vulnerabilities Christian Swartzbaugh (May 08)
- Re: excessive xss vulnerabilities n3td3v (May 08)
- <Possible follow-ups>
- RE: excessive xss vulnerabilities Edward Pearson (May 09)
- Re: excessive xss vulnerabilities bugtraq (May 09)