Full Disclosure mailing list archives
Re: MBT Xss vulnerability
From: Jerome Athias <jerome.athias () free fr>
Date: Fri, 20 Jan 2006 19:11:41 +0100
Hey guy, do you know something about XSS 1) Phishing? 2) encoded URL, UTF8...? 3) cookie steal? ... it'll not be difficult to reproduce a website and have an url difficult to understand for a basic user... sure it's harder to spoof the url in the browser... // Native.Code a écrit :
What a lame vulnerability it is. If your POC redirects to another site (which is not MBT site), how someone will become victim and believe that he/she is doing business with MBT? Your post is yet another proof that FD is more and more inhibited by scipt kiddies. Get a life!
--------------------------------------------------------------------------------------------------------- About FD: "Speech is silver, but silence is gold" /JA /https://www.securinfos.info/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: MBT Xss vulnerability, (continued)
- Re: MBT Xss vulnerability Native.Code (Jan 19)
- Re: MBT Xss vulnerability greybrimstone (Jan 19)
- Re: MBT Xss vulnerability MuNNa (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability MuNNa (Jan 20)
- Re: MBT Xss vulnerability Morning Wood (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability MuNNa (Jan 21)
- Re: MBT Xss vulnerability Native.Code (Jan 22)
- Re: MBT Xss vulnerability greybrimstone (Jan 19)
- Re: MBT Xss vulnerability Native.Code (Jan 19)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)