lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: james.greenhalgh at worldpay.com (James Greenhalgh) Subject: Global *.net XSS, thank you Verisign(TM) On Tue, 2003-09-16 at 14:40, Jedi/Sector One wrote: > On Mon, Sep 15, 2003 at 08:35:43PM -0700, xss_slut@...hmail.com wrote: > > with a XSS bug, this works in IE: > > Other less exciting versions of this XSS: > > http://sitefinder.verisign.com/lpc?url=meow'><script>alert(document.cookie)</script><' > > Did you _at least_ tell Verisign about this before posting this? Verisign didn't _at least_ tell people before they put a dumbass wildcard entry into the domains. They didn't _at least_ tell me when they transferred control over a domain of mine to some random unknown company, to a member of staff who has left the face of the earth. They deserve everything they get. -- James Greenhalgh <james.greenhalgh@...ldpay.com>
Powered by blists - more mailing lists