Full Disclosure mailing list archives

Re: BLOGGER XSS VULNERABILITY

From: "Harry Muchow" <wonderfulandromeda () gmail com>
Date: Mon, 13 Aug 2007 23:19:26 +0530

Comments do not allow javascript. Safe!!!

On 8/13/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:

On Sun, 12 Aug 2007 21:41:05 +0530, Susam Pal said:

But I am the only one who is inserting the JavaScript in my blog. So,
I'll end up stealing the cookies set for my domain. Why would I steal
cookies set for my domain? I already know them because it is my website.


Obviously, your blog doesn't allow any users to comment...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

BLOGGER XSS VULNERABILITY Daniele Costa (Aug 12)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 12)
  - Re: BLOGGER XSS VULNERABILITY Valdis . Kletnieks (Aug 13)
    - Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 13)
    - Re: BLOGGER XSS VULNERABILITY Harry Muchow (Aug 13)