Full Disclosure mailing list archives
Re: Cross-Site Scripting attacks via redirectors in different browsers
From: "MustLive" <mustlive () websecurity com ua>
Date: Wed, 23 Sep 2009 00:49:26 +0300
Hello Tõnu! I'm glad that you liked my article (and advisories) about Cross-Site Scripting attacks via redirectors. You can read my next article on English - Redirectors: the phantom menace (http://websecurity.com.ua/3495/).
And do not forget, this is feature, not bug :P
First, vulnerability it's not the same as bug, these are different things. And so in security field words such as vulnerabilities, vulns and holes must be used, but not "bugs" (to not decrease their level of criticality to ordinary software errors which are bugs). Second, you are right, it's feature (and it was well-known aphorism). Especially it's feature in hacker's hands ;-). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ----- Original Message ----- From: "Tхnu Samuel" <tonu () jes ee> To: "MustLive" mustlive () websecurity com ua Cc: <full-disclosure () lists grok org uk> Sent: Saturday, September 19, 2009 8:17 PM Subject: Re: [Full-disclosure] Cross-Site Scripting attacks via redirectors in different browsers
I wrote about five method of attacks in the article (via location-header and refresh-header redirectors) - about four of them I already posted in Bugtraq. In this letter I'll inform you about new vulnerable browsers to those vulnerabilities which I wrote to Bugtraq before.Thanks, useful info for me at least. And do not forget, this is feature, not bug :P Tõnu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cross-Site Scripting attacks via redirectors in different browsers MustLive (Sep 17)
- Re: Cross-Site Scripting attacks via redirectors in different browsers darky (Sep 18)
- Re: Cross-Site Scripting attacks via redirectors in different browsers Tõnu Samuel (Sep 20)
- Re: Cross-Site Scripting attacks via redirectors in different browsers MustLive (Sep 22)