Full Disclosure mailing list archives
Re: MBT Xss vulnerability
From: Stan Bubrouski <stan.bubrouski () gmail com>
Date: Fri, 20 Jan 2006 13:52:53 -0500
Reading over this again let me clarify why I'm curious about this: 1) Yes I'm aware someone could redirect someone to a form claiming to be by MBT to harvest information 2) I just don't see the relevence to this list (if we reported every XSS in every site, we could fill this list with 100s of message per day) Know what I mean? -sb On 1/20/06, Stan Bubrouski <stan.bubrouski () gmail com> wrote:
Well I'm not going to talk about how XSS is useless because we all know it can be quite a serious problem. I think, and I don't know the guy so I can't be sure, the original dissenter to this post was pointing out that: What would you phish from a site that doesn't have any forms anyways? What would stealing a session cookie get you if the only dynamic content is a search function? I'm not saying XSS isn't important, I'm just wondering why this case is? -sb On 1/20/06, Jerome Athias <jerome.athias () free fr> wrote:Hey guy, do you know something about XSS 1) Phishing? 2) encoded URL, UTF8...? 3) cookie steal? ... it'll not be difficult to reproduce a website and have an url difficult to understand for a basic user... sure it's harder to spoof the url in the browser... // Native.Code a écrit :What a lame vulnerability it is. If your POC redirects to another site (which is not MBT site), how someone will become victim and believe that he/she is doing business with MBT? Your post is yet another proof that FD is more and more inhibited by scipt kiddies. Get a life!--------------------------------------------------------------------------------------------------------- About FD: "Speech is silver, but silence is gold" /JA /https://www.securinfos.info/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: MBT Xss vulnerability, (continued)
- Re: MBT Xss vulnerability MuNNa (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability MuNNa (Jan 20)
- Re: MBT Xss vulnerability Morning Wood (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability MuNNa (Jan 21)
- Re: MBT Xss vulnerability Native.Code (Jan 22)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)
- Re: MBT Xss vulnerability Stan Bubrouski (Jan 20)