Full Disclosure mailing list archives

Re: Selfmade worms in the wild ;)

From: knitti <knitti () t-base71 no-ip org>
Date: Sat, 30 Aug 2003 03:17:16 +0200


more fun:

why didn't you try:
<http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E>

i think one can pass almost any xss there

(citing http://www.trendmicro.com/en/about/profile/overview.htm :
  "Trend Micro Incorporated is a global leader in antivirus and Internet
  content security software and services....")

do they test their "internet content security software" on their own
pages?


greetz
knitti

Attention, that's joke-trash:

http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55745&VName=WORM_MSBLAST.G
http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.Z

You can change id's and names...

-mo-
--
======================================================================

G.P
Online-Redaktion

===============================

Kryptocrew
.: your security advisor team :.           mailto:momolly () kryptocrew de


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Selfmade worms in the wild ;) Redaktion-Kryptocrew (Aug 29)
- Re: Selfmade worms in the wild ;) knitti (Aug 29)
- Re: Selfmade worms in the wild ;) morning_wood (Aug 30)
  - Re[2]: Selfmade worms in the wild ;) Redaktion-Kryptocrew (Aug 30)
- <Possible follow-ups>
- Re: Selfmade worms in the wild ;) knitti (Aug 29)