Full Disclosure mailing list archives
Re: MouseOverJacking attacks
From: T Biehn <tbiehn () gmail com>
Date: Tue, 19 Jan 2010 15:39:34 -0500
Hello MustLive!
Thanking you for taking a personal approach to all of your list admirers! Prosperous futures abound! A missive granted in thy honor sweet prince of XSS.

On Sun, Jan 17, 2010 at 4:33 PM, MustLive <mustlive () websecurity com ua> wrote:

> Hello Travis!
>
> Thanks for your attention to my article about MouseOverJacking attacks.
>
>> If you read the HTML specification you can find all sorts of XSS attack vectors that people just assumed would be redundant to write entire articles on!
>
> Yes, I'm familiar with the HTML specification (as a web developer since the beginning of 1999) and I know about the different events in HTML. And as a web security professional I know a lot of XSS vectors. Many of the events in HTML are not widespread enough (or not usable enough) for XSS attacks to write entire articles about them, but ones such as onclick and onmouseover are those which are worth entire articles. A lot was said about attacks via onclick in 2008, so I decided to talk about onmouseover in 2009 (because it is worth it).
>
> P.S.
>
> Because Jeff is already in my blacklist, as I mentioned to the list, in the future there is no need to send me his letters. If you decide to answer me, then write to me directly.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message -----
> From: "T Biehn" <tbiehn () gmail com>
> To: "Jeff Williams" <jeffwillis30 () gmail com>
> Cc: "MustLive" <mustlive () websecurity com ua>; <full-disclosure () lists grok org uk>
> Sent: Tuesday, January 05, 2010 4:53 PM
> Subject: Re: [Full-disclosure] MouseOverJacking attacks
>
>> Hey MustLive!
>> If you read the HTML specification you can find all sorts of XSS attack vectors that people just assumed would be redundant to write entire articles on!
>>
>> Here!
>> http://www.w3.org/TR/REC-html40/interact/scripts.html
>>
>> -Travis
>>
>> On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams <jeffwillis30 () gmail com> wrote:
>>
>>> Thanks for your wishes MustDie;
>>>
>>> Do you consider yourself as an oz XSS ninja ?
>>> Did your C.V. end in the OWASP trash bin ?
>>> And how the fuck did you come up with a nickname like that ?
>>>
>>> Let us know, we truly give a shit about your life, and xss.
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> --
>> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Current thread:
- Re: MouseOverJacking attacks MustLive (Jan 03)
- Re: MouseOverJacking attacks Jeff Williams (Jan 03)
- Re: MouseOverJacking attacks T Biehn (Jan 05)
- Message not available
- Re: MouseOverJacking attacks T Biehn (Jan 19)
- Re: MouseOverJacking attacks T Biehn (Jan 05)
- Re: MouseOverJacking attacks MustLive (Jan 06)
- Re: MouseOverJacking attacks Christian Sciberras (Jan 06)
- Re: MouseOverJacking attacks Chris Evans (Jan 06)
- Re: MouseOverJacking attacks Jeff Williams (Jan 03)