From: se_cur_ity at (morning_wood)
Subject: Browser bugs [DoS] - Do they bite?

> > Browser bugs [DoS] ... where will you draw a line?
> DoS bugs that cause permanent damage are treated differently, of course.
> For example, I could imagine a bug that would corrupt some critical file

what about Browser bugs[DoS] a XSS vulnerable site?
simple javascript leveraged against a host that has a XSS issue.
so if you could embed <script>javascript:location.reload()</script>
in a high traffic, XSS'able site, you could cause a denial of service
to the webserver from the users trying to view the site.


will continually refresh to http://host/stupidscript , since it is XSS'able, the
returns the script only to be executed again and again and ( you get the
picture )
could be used legitimately for a "net-sit-in" to deny a site as well.


and exactly why does this produce such an odd result?<script>javascript:location.reloa

Search results for:
(N) orwegian Telecommunications Administration (OTA)
(A) sian Development Bank (SDB-1)
USDA - Office of Operations (UOO)
Shipleys Donut Shops

 ( yum! donuts.  but they did fix their XSS )
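
Added example (not part of the original post): a check a server operator could run over access logs to spot the pattern the message describes, one client re-requesting the same URL in a tight loop, and to tell whether that URL carries a reflected script tag. The log lines, IP addresses, the "q" parameter, the thresholds and the function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed sample data: IPs, timestamps, paths and the "q" parameter are made up.
LOOP_URL = "/stupidscript?q=%3Cscript%3Ejavascript:location.reload()%3C/script%3E"

def _line(ip, minute, second, url):
    return f'{ip} - - [10/Mar/2003:10:{minute:02d}:{second:02d} +0000] "GET {url} HTTP/1.1" 200 512'

SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", 0, s, LOOP_URL) for s in range(6)]        # reload loop
    + [_line("192.0.2.44", 0, s, "/news") for s in range(6)]         # burst, no script
    + [_line("203.0.113.9", m, 0, "/index.html") for m in range(6)]  # normal browsing
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+"')
SCRIPT_RE = re.compile(r"<\s*script", re.IGNORECASE)

def find_reload_loops(log_text, threshold=5, window_s=10):
    """Flag (client, url) pairs fetched >= threshold times within window_s seconds."""
    recent = defaultdict(deque)   # (ip, url) -> timestamps inside the sliding window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, url = m.groups()
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(ip, url)]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:
            q.popleft()               # drop requests that fell out of the window
        if len(q) >= threshold:
            hits = max(len(q), findings.get((ip, url), {}).get("hits", 0))
            findings[(ip, url)] = {
                "hits": hits,
                # Decode the URL so an encoded <script> in the query is visible.
                "reflected_script": bool(SCRIPT_RE.search(unquote_plus(url))),
            }
    return findings

if __name__ == "__main__":
    for (ip, url), info in find_reload_loops(SAMPLE_LOG).items():
        print(ip, info, unquote_plus(url))
```

A hit with "reflected_script" set points at the page that needs its output encoding fixed; a hit without it is just a fast client and is a rate-limiting question instead.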

