Full Disclosure mailing list archives
Re: VHCS 2.x HTTP Error Cross Site Scripting
From: Moritz Naumann <security () moritz-naumann com>
Date: Thu, 24 Nov 2005 18:04:22 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 InfoSecBOFH schrieb:
Cool... so give me a real world attack scenario with this....
How to inject arbitrary client side code into this application using this vulnerability is explained in the advisory. Web links to additional sources explaining XSS are provided, too. I do not think there is a requirement to provide proof that a vulnerability is exploitable to publish it. At least, I can't find this on the Full Disclosure charter. If you need more information on this vulnerability, I propose you aggregate it yourself, hire us or convince me to provide it for free. Moritz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDhfKWn6GkvSd/BgwRAjgoAJ0ctvWyFsC3C3fKCWGtPy4LNua5hQCeOIj/ G3ihCWhGUciVfT689HzzP+Y= =kO8I -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- VHCS 2.x HTTP Error Cross Site Scripting Moritz Naumann (Nov 22)
- Re: VHCS 2.x HTTP Error Cross Site Scripting Moritz Naumann (Nov 24)
- Re: VHCS 2.x HTTP Error Cross Site Scripting InfoSecBOFH (Nov 24)
- Re: VHCS 2.x HTTP Error Cross Site Scripting Moritz Naumann (Nov 24)
- Re: VHCS 2.x HTTP Error Cross Site Scripting InfoSecBOFH (Nov 24)
- Re: VHCS 2.x HTTP Error Cross Site Scripting Moritz Naumann (Nov 24)