Full Disclosure mailing list archives

Re: MouseOverJacking attacks


From: T Biehn <tbiehn () gmail com>
Date: Tue, 19 Jan 2010 15:39:34 -0500

Hello MustLive!
Thanking you for taking a personal approach to all of your list admirers!

Prosperous futures abound!

A missive granted in thy honor sweet prince of XSS.

On Sun, Jan 17, 2010 at 4:33 PM, MustLive <mustlive () websecurity com ua> wrote:
Hello Travis!

Thanks for your attention to my article about MouseOverJacking attacks.

If you read the HTML specification you can find all sorts of XSS
attack vectors that people just assumed would be redundant to write
entire articles on!

Yes, I'm familiar with the HTML specification (as a web developer since the
beginning of 1999) and I know about the different events in HTML. And as a web
security professional I know a lot of XSS vectors.

Many of the events in HTML are not widespread enough (or not usable enough) for
XSS attacks to write entire articles about them, but ones such as onclick
and onmouseover are worth entire articles. A lot was said about attacks via
onclick in 2008, so I decided to talk about onmouseover in 2009 (because it is
worth it).

P.S.

Because Jeff is already on my blacklist, as I mentioned to the list, there is
no need to send me his letters in the future. If you decide to answer me,
then write to me directly.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- From: "T Biehn" <tbiehn () gmail com>
To: "Jeff Williams" <jeffwillis30 () gmail com>
Cc: "MustLive" <mustlive () websecurity com ua>;
<full-disclosure () lists grok org uk>
Sent: Tuesday, January 05, 2010 4:53 PM
Subject: Re: [Full-disclosure] MouseOverJacking attacks


Hey MustLive!
If you read the HTML specification you can find all sorts of XSS
attack vectors that people just assumed would be redundant to write
entire articles on!

Here!
http://www.w3.org/TR/REC-html40/interact/scripts.html

-Travis

On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams <jeffwillis30 () gmail com>
wrote:

Thanks for your wishes MustDie;

Do you consider yourself an oz XSS ninja?

Did your C.V. end up in the OWASP trash bin?

And how the fuck did you come up with a nickname like that?



Let us know, we truly give a shit about your life, and xss.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da




