lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030916134055.GB19942@c9x.org>
From: j at pureftpd.org (Jedi/Sector One)
Subject: Global *.net XSS, thank you Verisign(TM)

On Mon, Sep 15, 2003 at 08:35:43PM -0700, xss_slut@...hmail.com wrote:
> with a XSS bug, this works in IE:
> Other less exciting versions of this XSS:
> http://sitefinder.verisign.com/lpc?url=meow'><script>alert(document.cookie)</script><'

  Did you _at least_ tell Verisign about this before posting this?
  
  I mailed them about the exact same vuln yesterday and still got no answer
yet, so I guess you didn't care about letting them some time to actully know
about the flaw before posting this to full-disclosure.

  Bad boy.

-- 
		       Let internet explore your host
		    http://www.pivx.com/larholm/unpatched/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ