Full Disclosure mailing list archives

Re: Re: micosoft.com xss

From: "Thomas Pollet" <thomas.pollet () gmail com>
Date: Tue, 8 Aug 2006 10:18:56 +0200

On 08/08/06, Mad World <penetrator () home in th> wrote:


Why do you need it ?
You already discovered xss, the rest of "job" is just matter of technique.
I think majority of xss submitters here could do it by various means.
M$ is lost in its own complexity of how to do simple things.

If you could ever give me reasonable answer for why do you need this $hit
- I could give you the "rest", like others could.

I doubt you actually tried getting js executed on page load (for some reason
they try to prevent xss in a number of ways).
I did try and didn't succeed, that's why I ask.

Greets,
Thomas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

micosoft.com xss Thomas Pollet (Aug 07)
- <Possible follow-ups>
- Re: Re: micosoft.com xss Mad World (Aug 07)
  - Re: Re: micosoft.com xss Thomas Pollet (Aug 08)
- Re: Re: micosoft.com xss Mad World (Aug 08)
- Re: Re: micosoft.com xss Mad World (Aug 08)
  - Re: Re: micosoft.com xss Thomas Pollet (Aug 08)