Vulnerability Development mailing list archives

Re: cross site scripting... is your site on this list


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 16 Dec 2000 00:53:08 +0100

until i find what the *real* threat is behind this, i have not notified any
of these people... should i?

Take our average user, Joe, and let him click on a link. Suddenly he's at
his own bank site, and is met with the text "You are now offered 10%
discount for using our internet service! Simply transfer your money to
your internet account xxxxxxxxxx to receive 10% discount!".

Spam the link to 100000 Joes. It's feasible that an attacker gets away with
quite a lot of money before the police storm your place.

So, no, most of the sites you mentioned... Who cares if they have CSS
problems. CSS is mainly a social engineering tool and shouldn't be a huge
concern to sites which aren't security critical, IMHO.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe

