lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20060808060419.E6F21269@resin05.mta.everyone.net>
Date: Tue, 8 Aug 2006 06:04:19 -0700
From: "Mad World" <penetrator@...e.in.th>
To: <thomas.pollet@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Re: micosoft.com xss

Good morning !

You can doubt, it's your right to do so.
Wanna bet ?
Just open your eyes and your nose will show you that you are actually braking silly structure of page in more than one place ..
I's relatively easy using the same exact place of code you tried to make it.
I have working example, it is based on other microsoft "features" as well.

Greets,
- Mad World

--- thomas.pollet@...il.com wrote:

From: "Thomas Pollet" <thomas.pollet@...il.com>
To: penetrator@...e.in.th
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Re: micosoft.com xss
Date: Tue, 8 Aug 2006 10:18:56 +0200

On 08/08/06, Mad World <penetrator@...e.in.th> wrote:

  Why do you need it ?
  You already discovered xss, the rest of "job" is just matter
  of technique.
  I  think  majority  of  xss  submitters  here could do it by
  various means.
  M$ is lost in its own complexity of how to do simple things.
  If  you  could ever give me reasonable answer for why do you
  need  this  $hit  - I could give you the "rest", like others
  could.

I  doubt  you  actually  tried getting js executed on page load
(for some reason they try to prevent xss in a number of ways).
I did try and didn't succeed, that's why I ask.
Greets,
Thomas



_____________________________________________________________
Visit Thailand @ http://www.sawadee.com
Websearch and email: DNSASIA.com ....  FAST!
128k dialup: login.samuinet.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ