Full Disclosure mailing list archives
Re: Global *.net XSS, thank you Verisign(TM)
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 18 Sep 2003 13:18:25 +0530
have you never heard of a untrusted link??? obviously not.. hint: GET A CLUE Donnie Werner http://e2-labs.com http://exploitlabs.com
And how is this a security issue that is of anything more than trivial importance? How is it a "global XSS" hole? The hole is on a page on sitefinder.verisign.com, not on the server that is answering for *.net and *.com. All that server does is redirect you. The impact of the hole is the same regardless of if the *.com and *.net wildcard exists or not. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Global *.net XSS, thank you Verisign(TM) xss_slut (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Jedi/Sector One (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) James Greenhalgh (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Paul Holman (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) J.A. Terranson (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- Re: Global *.net XSS, thank you Verisign(TM) Marc Slemko (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- RE: Global *.net XSS, thank you Verisign(TM) Richard M. Smith (Sep 16)
- RE: Global *.net XSS, thank you Verisign(TM) tadpole-boy (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Scott Manley (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Jedi/Sector One (Sep 16)