Full Disclosure mailing list archives
Re: LinkedIn_User Account Delete using Click jacking
From: xD 0x41 <secn3t () gmail com>
Date: Mon, 10 Oct 2011 17:26:55 +1100
Hello Michele, I will take a look, because honestly, I dont see anything good about NON persistent xss, so i will have a look and see, thanks :) cheers xd On 10 October 2011 17:24, Michele Orru <antisnatchor () gmail com> wrote:
If you all think XSS, even reflected or DOM-based sucks..probably you don't know the BeEF project. I would suggest you to take a look at http://beefproject.com , try it, and see yourself what you can do :-) Cheers antisnatchor On 10 Oct 2011 02:56, "xD 0x41" <secn3t () gmail com> wrote:YEP! When ya do it right, dang right it is! I did never reproduce the EXACT ethod wich made the x41's happen... but, i dun really care for that bug, or you call it a feature..well, i dont know feratures wich have x41's al;l over the emails when made in a special way... so, it was low-level to :) anyhow, no, i wont bother to recreate the email body, without using any 'features' of googles, for you. It is possible to exploit rich text editor, i have said.. the dll itself.. so maybe go investigate and stfu :) now back to the backdoor. On 10 October 2011 11:23, adam <adam () papsy net> wrote:Yeah guys, XSS is nonsense. Exploiting anchor text is where it's at, right secn3t? http://seclists.org/fulldisclosure/2011/Jun/215 On Sun, Oct 9, 2011 at 7:10 PM, xD 0x41 <secn3t () gmail com> wrote:No, i have been through these, and only an idiot would fall for any of these attacks... Persistent XSS maybe harder, but, forget the rest :) Im to old for that. Never been a victim yet, in *any* way, and, certainly, those bugs wont be starting a trend.. cheer. xd On 10 October 2011 10:27, <Valdis.Kletnieks () vt edu> wrote:On Mon, 10 Oct 2011 09:36:17 +1100, xD 0x41 said:No,... and am happy not to know :-) , like XSS , i do not waste timewithninoritiy bugs such as 'clickjacking' and these new such terms wicharetotal BS.It's all total BS till you discover you're a victim of the attack._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: LinkedIn_User Account Delete using Click jacking, (continued)
- Re: LinkedIn_User Account Delete using Click jacking Laurelai (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking asish agarwalla (Oct 08)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 08)
- Re: LinkedIn_User Account Delete using Click jacking Ferenc Kovacs (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking Valdis . Kletnieks (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking adam (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking Michele Orru (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 08)