Vulnerability Development mailing list archives

Re: cross site scripting... is your site on this list


From: Dom De Vitto <dom () DEVITTO COM>
Date: Thu, 14 Dec 2000 23:14:59 -0000

Only if the site spits out 'trusted' information; a good example would be if it has https, cookies, etc. Basically, CSS means you can make your pages look, and be trusted, a little like the site's own.

Dom

 | -----Original Message-----
 | From: VULN-DEV List [mailto:VULN-DEV () securityfocus com]On Behalf Of Ryan
 | Yagatich
 | Sent: 14 December 2000 04:57
 | To: VULN-DEV () securityfocus com
 | Subject: cross site scripting... is your site on this list
 | 
 | 
 | This is a known problem with places... here is a list of servers I found
 | that have this bug still... is your site on this list??
 | 
 | until I find what the *real* threat is behind this, I have not notified any
 | of these people... should I?
 | 
 | 
 | ryan
 | 
 | -----
 |   those who have no life are those who spend their time complaining about
 | the ones being criticised
 | -----
 | 

