Full Disclosure mailing list archives
Re: [0 Day] XSS Persistent in Blogspot of Google
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 27 Jan 2013 11:17:51 -0800
OGMMM WTFF 0DAY XSS Sorry, getting a bit tired of these.
Well, the world is changing. You can probably do a lot more direct damage with a (legit) XSS in a high-value site than with a local privilege escalation in sudo. XSS reports are less actionable for the average reader, but full disclosure is probably still beneficial, in that it provides data points about the types of flaws a particular vendor happens to have, and the speed and quality of the deployed fixes. Of course, many of the XSS reports in knorr.com and similarly exciting destinations are zzzzzzzzzz... /mz
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [0 Day] XSS Persistent in Blogspot of Google ANTRAX (Jan 22)
- Re: [0 Day] XSS Persistent in Blogspot of Google Jakub Zoczek (Jan 22)
- Re: [0 Day] XSS Persistent in Blogspot of Google ANTRAX (Jan 22)
- Re: [0 Day] XSS Persistent in Blogspot of Google Gynvael Coldwind (Jan 25)
- Re: [0 Day] XSS Persistent in Blogspot of Google ANTRAX (Jan 25)
- Re: [0 Day] XSS Persistent in Blogspot of Google Elfius (Jan 27)
- Re: [0 Day] XSS Persistent in Blogspot of Google Michal Zalewski (Jan 28)
- Re: [0 Day] XSS Persistent in Blogspot of Google Guifre (Jan 29)
- Re: [0 Day] XSS Persistent in Blogspot of Google antisnatchor (Jan 29)
- Re: [0 Day] XSS Persistent in Blogspot of Google ANTRAX (Jan 22)
- Re: [0 Day] XSS Persistent in Blogspot of Google Jakub Zoczek (Jan 22)