Full Disclosure mailing list archives

Re: VHCS 2.x HTTP Error Cross Site Scripting

From: Moritz Naumann <security () moritz-naumann com>
Date: Thu, 24 Nov 2005 18:04:22 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

InfoSecBOFH schrieb:

Cool... so give me a real world attack scenario with this....


How to inject arbitrary client side code into this application using
this vulnerability is explained in the advisory. Web links to additional
sources explaining XSS are provided, too.

I do not think there is a requirement to provide proof that a
vulnerability is exploitable to publish it. At least, I can't find this
on the Full Disclosure charter.

If you need more information on this vulnerability, I propose you
aggregate it yourself, hire us or convince me to provide it for free.

Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDhfKWn6GkvSd/BgwRAjgoAJ0ctvWyFsC3C3fKCWGtPy4LNua5hQCeOIj/
G3ihCWhGUciVfT689HzzP+Y=
=kO8I
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

VHCS 2.x HTTP Error Cross Site Scripting Moritz Naumann (Nov 22)
- Re: VHCS 2.x HTTP Error Cross Site Scripting Moritz Naumann (Nov 24)
  - Re: VHCS 2.x HTTP Error Cross Site Scripting InfoSecBOFH (Nov 24)
    - Re: VHCS 2.x HTTP Error Cross Site Scripting Moritz Naumann (Nov 24)