| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9CA621425D6EAE4FBBD29326CC7D11062ABE73@unity-svr.Unity.local> Date: Tue May 9 09:34:01 2006 From: Ed at unityitservices.co.uk (Edward Pearson) Subject: excessive xss vulnerabilities Interesting, a JS keylogger! You should use XMLHTTP to post the info... ________________________________ From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Christian Swartzbaugh Sent: 09 May 2006 00:35 To: full-disclosure@...ts.grok.org.uk Subject: [Full-disclosure] excessive xss vulnerabilities there is a high volume of xss vulnerabilities on this list. take the next step to disclose why xss important for the affected program. for instance, creating a test case that does something privileged or malicious towards a visitor. in attempting to create a keystroke logger in javascript i've found it drops random keystrokes (i think its a speed problem). and i would be interested in seeing more malicious javascript. again please justify why xss is valuable in disclosures of these vulnerabilties even if its just a cookie stealer, please show why an attacker would want those cookies or how he/she could use them to create a security issue. thanks feofil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060509/2167f378/attachment.html
Powered by blists - more mailing lists