Full Disclosure mailing list archives

Re: Global *.net XSS, thank you Verisign(TM)

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 18 Sep 2003 13:18:25 +0530

have you never heard of a untrusted link??? obviously not.. hint: GET A CLUE

Donnie Werner
http://e2-labs.com 
http://exploitlabs.com

And how is this a security issue that is of anything more than trivial
importance?  How is it a "global XSS" hole?

The hole is on a page on sitefinder.verisign.com, not on the server that
is answering for *.net and *.com.  All that server does is redirect you.
The impact of the hole is the same regardless of if the *.com and *.net
wildcard exists or not.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Global *.net XSS, thank you Verisign(TM) xss_slut (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Jedi/Sector One (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) James Greenhalgh (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) Paul Holman (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) J.A. Terranson (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- Re: Global *.net XSS, thank you Verisign(TM) Marc Slemko (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- RE: Global *.net XSS, thank you Verisign(TM) Richard M. Smith (Sep 16)
  - RE: Global *.net XSS, thank you Verisign(TM) tadpole-boy (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) Scott Manley (Sep 16)