lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <10468868437.20030830033843@t-base71.no-ip.org>
From: lists2k3 at t-base71.no-ip.org (knitti)
Subject: Selfmade worms in the wild ;)

more fun:

why didn't you try:
<http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E>

i think one can pass almost any xss there

(citing http://www.trendmicro.com/en/about/profile/overview.htm :
  "Trend Micro Incorporated is a global leader in antivirus and Internet
  content security software and services....")

do they test their "internet content security software" on their own
pages?


greetz
knitti



> Attention, that's joke-trash:

> http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55745&VName=WORM_MSBLAST.G
> http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.Z


> You can change id's and names...


> -mo-
> --
> ======================================================================

> G.P
> Online-Redaktion

> ===============================

> Kryptocrew
> .: your security advisor team :.           mailto:momolly@...ptocrew.de


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ