Full Disclosure mailing list archives
Re: [WEB SECURITY] Useful technique when performing XSS
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Wed, 7 Feb 2007 20:14:12 +0000
Amit, :) This is not about who did it first. BTW, your example is broken. location.search does not include the fragment identifier. Cheers On 2/7/07, Amit Klein <aksecurity () gmail com> wrote:
pdp (architect) wrote:http://www.gnucitizen.org/blog/playing-in-large Basically this article is about how to squeeze more data into size restricted, unsanitized field. This technique can also be used to hide attackers activities.It seems that you've stumbled upon something I already disclosed: http://www.webappsec.org/lists/websecurity/archive/2005-10/msg00030.html Sorry... -Amit
-- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Useful technique when performing XSS pdp (architect) (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS Amit Klein (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS pdp (architect) (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS Amit Klein (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS pdp (architect) (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS Amit Klein (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS pdp (architect) (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS Amit Klein (Feb 07)