Full Disclosure mailing list archives

Re: BLOGGER XSS VULNERABILITY

From: Valdis.Kletnieks () vt edu
Date: Sun, 12 Aug 2007 22:18:09 -0400

On Sun, 12 Aug 2007 21:41:05 +0530, Susam Pal said:

But I am the only one who is inserting the JavaScript in my blog. So, 
I'll end up stealing the cookies set for my domain. Why would I steal 
cookies set for my domain? I already know them because it is my website.


Obviously, your blog doesn't allow any users to comment...

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

BLOGGER XSS VULNERABILITY Daniele Costa (Aug 12)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 12)
  - Re: BLOGGER XSS VULNERABILITY Valdis . Kletnieks (Aug 13)
    - Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 13)
    - Re: BLOGGER XSS VULNERABILITY Harry Muchow (Aug 13)