Re: [OT] New online service to make XSSs easier

[metasansana () gmail com]

Hence its a crowd sourced database of XSS vulnerable websites.
Sent from my BlackBerry® wireless device available from bmobile.

-----Original Message-----
From: Gage Bystrom <themadichib0d () gmail com>
Sender: full-disclosure-bounces () lists grok org uk
Date: Mon, 7 May 2012 08:17:34 
To: <Valdis.Kletnieks () vt edu>; <full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] [OT] New online service to make XSSs easier

Anyone visiting a compromised site can get the hash, meaning anyone
who is looking for it can find it and lets any random person(assuming
stored) visiting to be able to grab all the cookie values.

That's not even my personal concern. My concern is why should I trust
the owner? Whether you are a black hat, white hat, or myriad of other
assorted hats  you would be allowing sensitive information to sit on
this guy's server. How do we know he isn't silently making a copy of
all the data for his own ends? Simply we don't.

On Mon, May 7, 2012 at 6:03 AM,  <Valdis.Kletnieks () vt edu> wrote:
> On Mon, 07 May 2012 02:27:33 +0530, karniv0re said:
>
> > And this is anonymous.. How??
>
> Haven't checked, but if you set up the userid/password via Tor, should
> be pretty anonymous.
>
> > http://www.getmycookie.com/view.m3?hash=<insert_hash_here>
>
> And you get somebody else's hash value, how?
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/