Vulnerability Development mailing list archives
Re: Sourceforge.net XSS
From: "Daniel" <clearscreen () lycantrope com>
Date: Thu, 13 Apr 2006 01:59:06 +0200
Hehehe think about the possibilities when you have the power to inject any html/javascript you like in a webpage. Just take the google xss example from that one site. A simple javascript source file was injected and it would send back all the searched data to the hacker. Think about what you can use that for, creditcard/paypal phishing? Stealing secure information? Ripping cookie(document.cookie!!!)contents? I guess you yourself could think of more examples yourself. You basicly set the point, people see XSS holes as pretty harmless 'bugs' in their code but they should really be seen as high-risk vulnerabilities.
----- Original Message ----- From: <v9 () fakehalo us>
To: <vuln-dev () securityfocus com> Sent: Wednesday, April 12, 2006 10:29 PM Subject: Re: Sourceforge.net XSS
Is it me, or do these XSS vulnerabilies not really count? I don't see a way this can be abused other than to yourself. In my book a XSS vulnerability must be stored on the server and displayed for others to view, otherwise whats the point? If i'm not getting the big picture, someone inform me...I don't mean to flame on you specifically, but I have seen alot of these "XSS in the URL" dealios lately.
Current thread:
- Sourceforge.net XSS the . spikey (Apr 09)
- <Possible follow-ups>
- Re: Sourceforge.net XSS v9 (Apr 12)
- Re: Sourceforge.net XSS Daniel (Apr 12)
- Re: Re: Sourceforge.net XSS v9 (Apr 13)
- Re: Sourceforge.net XSS ascii (Apr 13)
- Re: Sourceforge.net XSS Juan C Calderon (Apr 17)
- Re: Sourceforge.net XSS v9 (Apr 17)
- Re: Sourceforge.net XSS morgan allen (Apr 18)
- Re: Sourceforge.net XSS Valdis . Kletnieks (Apr 18)
- Re: Sourceforge.net XSS Juan C Calderon (Apr 18)
- Re: Sourceforge.net XSS v9 (Apr 17)