Message-ID: <200307220932.h6M9WM9b020947@mailserver2.hushmail.com>
Date: Tue, 22 Jul 2003 02:32:22 -0700
From: <dnv@...hmail.com>
To: full-disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com
Subject: exploitlabs.com XSS hole someone better beware!



Vunerability(s):
----------------
1. Remote / Local XSS SCRIPT EXECUTION!!


Product:
--------
super cool script by moroning_wood, my m3nt0r in teh XSS style!!


Description of product:
-----------------------

no need for description!! mornining_wood is world renowned XSS pioneer
ninja all world know that! 


VUNERABILITY / EXPLOIT
======================

NO NEED to rip other peoples code this time, this can be done with a
browser, 
i tested with mozilla iexplore 3/4/5/6 and oppera i like oppera.

http://exploitlabs.com/thecore/?<script>alert('document.location')</script>

-------------------------------^^^^^^^^^^^^XSS STYLE! MORONING_WOOD TEACH
ME!!!

Local:
------
yes ai run from our kompanie webserver!

Remote:
-------
yes a lot!


Vendor Fix:
-----------
No fix on 0day besides this is too cool to fix i like practicing on moroning_wood
server!!


Vendor Contact:
---------------
no because donnie weiner is sleeping and he taught me all XSS i know
so he must know himself.


Credits:
--------
DNV 
dnv@...hmail.com
http://www.ibeatmymeat.dk

remember again all you people I AM THE BEST HACKER IN DENMARK!!! AND
YES TCPDUMB I WAS AT CCC YOU JUST NOT KNOW ME BECAUSE I HIDE UNDERCOVER
LIKE reaL HaCkERS!

http://exploitlabs.com/thecore/?<script>alert('document.location')</script>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

