Full Disclosure mailing list archives
Re: To XSS or not?
From: "Aaron Gray" <angray () beeb net>
Date: Tue, 25 Jul 2006 03:02:50 +0100
how will we measure which one is major and which not? major for you is minor for me and vice versa.
Major is an XSS on a well used "major" web site, or a financial based web site even if it is a "minor" web site. A "minor" XSS web vulnerability is one on a little known site. Hope you agree with this definition.
if we agree that XSS are vulns (i personally agree) then they deserve to be reported. Just look at the subject of the message that reports an XSS and choose to read it or to not read it.
Yes I do, but I think a specialized list is in order for web vulnerabilities.
XSS are based on bad code practices .. some day the programmers will learn to not make such mistakes if we point them. if we ignore them .... well security is not based on ignorance.
Yes I need to learn about this area as I am doing a couple of PHP&MySQL based web sites myself and would like a specialized list to ask Q's on.
Regards,
Aaron
Aaron Gray wrote:
Major ones could still be reported on the other lists.
Aaron
something like xsstraq powered on securityfocus should be cleaner yep :)
Maybe there should be a special XSS list that could specialize in that area ?