XSS at eEye.com #2 (evidence of existence)

["Valery Marchuk" <tecklord () argocom cv ua>]

Hi all!

According to this blog eEye (Ross Brown) denies existence of XSS Vulnerability at their web site.

http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/make_sure_the_s.html

 

Well, what else we can expect from the security company, which cannot protect its own web site?

As an evidence of vulnerability, I've published another XSS bug in my blog. 

Just follow the link in the blog and then press the "Back" button.

 

http://www.securitylab.ru/blog/tecklord/209.php



Have a nice day

Valery

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/