Full Disclosure mailing list archives

RE: Re: Google is vulnerable from XSS attack

From: "Paul" <pvnick () gmail com>
Date: Wed, 7 Dec 2005 18:45:20 -0500

I hacked www.comcast.net about 3 months ago (file content
disclosure/directory transversal). No-one heard about it because after I
reported the problem and it was patched, I had no evidence to back up my
claim, so what would have been the point of telling everyone? However, I
knew that I was doing a responsible thing to help the computer industry. I
just don't think that having a huge company like Comcast under hacker
control would have been a very good idea.

Btw, since when did you "own" a corporation when you're able to execute
script on others' computers?

Not flaming you or anything, just answering your challenge.

Regards,
Paul
Greyhats Security
http://greyhatsecurity.org


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of n3td3v
Sent: Wednesday, December 07, 2005 3:23 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: Google is vulnerable from XSS attack

Hackers own Google while vulnerabilities remain unpatched. Once they
patch a vulnerability, they can own me again! Until then... Google is
in the hands of hackers.

Since you're having a stab at me. Wheres your Google and Yahoo
vulnerabilities? Naw, you don't have any. You prefer to go looking for
your SQL injections and cross site scripting in web sites no one has
ever heard of or cared about before (easy targets).

As the score goes, how many high profile brand names have you found
vulnerabilities for?

Fancy having a hacking challenge for finding vulnerabilities in major
dot-com's?

Lets do it!

On 12/7/05, Morning Wood <se_cur_ity () hotmail com> wrote:

who owns you? hint: Google ( they own the world )

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.12/192 - Release Date: 12/5/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.12/192 - Release Date: 12/5/2005
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: famouse n3td3v quotes!, (continued)
- - - Re: famouse n3td3v quotes! Michael Tewner (Dec 08)
    - Re: famouse n3td3v quotes! Paul (Dec 09)
    - Re: famouse n3td3v quotes! Kevin Ponds (Dec 08)
    - Re: famouse n3td3v quotes! Micheal Espinola Jr (Dec 08)
    - Re: famouse n3td3v quotes! Jeff Rosowski (Dec 19)
    - Re: Re: Google is vulnerable from XSS attack Mike Hoye (Dec 07)
    - Re: Re: Google is vulnerable from XSS attack ghost (Dec 08)
    - Message not available
    - Re: Re: Google is vulnerable from XSS attack Tatercrispies (Dec 09)
    - Re: Re: Google is vulnerable from XSS attack sk / GroundZero (Dec 09)
    - Re: Re: Google is vulnerable from XSS attack n3td3v (Dec 09)
    - RE: Re: Google is vulnerable from XSS attack Paul (Dec 07)
    - RE: Re: Google is vulnerable from XSS attack Joseph Pierini (Dec 07)
- Re: Re: Google is vulnerable from XSS attack sk / GroundZero (Dec 07)