Vulnerability Development mailing list archives
Re: cross site scripting... is your site on this list
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 16 Dec 2000 00:53:08 +0100
until i find what the *real* threat is behind this, i have not notified any of these people... should i?
Take our avarage user, Joe, and let him click on a link. Suddenly he's at his own bank site, and are met with the text "You are now offered 10% discount for using our internet service! Simply transfere your money to your internet account xxxxxxxxxx to receive 10% discount!". Spam the link to 100000 Joes. It's feasible that an attacker get away with quite a lot of money before the police storms your place. So, no, most of the site you mentioned... Who cares if they have CSS problems. CSS is manly a social engineering tool and shouldn't be a huge consern to site which aren't security critical, IMHO. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe
Current thread:
- cross site scripting... is your site on this list Ryan Yagatich (Dec 15)
- Re: cross site scripting... is your site on this list Dom De Vitto (Dec 15)
- Re: cross site scripting... is your site on this list Bluefish (P.Magnusson) (Dec 17)
- Re: cross site scripting... is your site on this list fire-eyes (Dec 18)