Message-Id: <2F344138-608B-4249-9A57-2D1E37641716@gmail.com>
Date: Mon, 6 Nov 2006 12:44:30 -0800
From: Andrew Farmer <andfarm@...il.com>
To: <corrado.liotta@...ce.it> <corrado.liotta@...ce.it>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [x0n3-h4ck.org] PayPal vulnerable to XSS
On 04 Nov 06, at 11:39, <corrado.liotta@...ce.it>
<corrado.liotta@...ce.it> wrote:
> this is a request that I passed to the web server, complete with
> the code that would allow the XSS:
> GET / HTTP/1.0
> Accept: */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET
> CLR 1.1.4322)
> Host: www.paypal.com
> Cookie: cookie_check=yes;feel_cookie=
<snip big session cookies>
> LANG=--><ScRiPt%20%0a%0d>alert(1234567890)%3B</ScRiPt>
<snip more cookies>
> Connection: Close
> Pragma: no-cache
That's not exploitable. Remember that the "XS" in XSS stands for
"cross-site": you have to be able to trigger the scripting using
ordinary requests from another site. To generate this cookie, you'd
need to already have scripting access to the paypal.com domain - in
which case you don't care anymore.
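To make the reply's point concrete for defenders, here is an added example that is not part of the thread: a minimal Python model of the reflection the quoted request relies on (the `LANG` cookie echoed into an HTML comment, so a value starting with `-->` closes the comment and the rest is parsed as markup) beside a hardened version that allowlists the locale and HTML-escapes what it reflects. The allowlist, the page template and the sample cookie values are constructed for illustration and are not PayPal's code.

```python
import html
import re

# Constructed sample cookie values: the LANG value from the quoted request
# after URL-decoding (%20 -> space, %0a%0d -> LF CR, %3B -> ';'), plus a
# benign locale. Neither is taken from a live service.
ATTACK_VALUE = "--><ScRiPt \n\r>alert(1234567890);</ScRiPt>"
BENIGN_VALUE = "en_US"

# Hypothetical application setting: the only locale codes the app accepts.
ALLOWED_LANGS = {"en_US", "it_IT", "de_DE"}


def render_vulnerable(lang_cookie: str) -> str:
    """Reflects the raw cookie value into an HTML comment.

    A value beginning with '-->' terminates the comment, and everything after
    it is handed to the HTML parser as live markup.
    """
    return f"<!-- lang: {lang_cookie} --><html><body>Hello</body></html>"


def render_hardened(lang_cookie: str) -> str:
    """Allowlists the locale, then HTML-escapes the value that is reflected.

    Either control alone would stop this injection; together they mean an
    unexpected value is neither trusted nor emitted verbatim.
    """
    lang = lang_cookie if lang_cookie in ALLOWED_LANGS else "en_US"
    return f"<!-- lang: {html.escape(lang, quote=True)} --><html><body>Hello</body></html>"


# Detection helper for tests and log review: does a literal <script ...> tag
# survive in the rendered output? Case-insensitive because the sample uses
# mixed case, and whitespace-tolerant because the sample embeds CR/LF.
SCRIPT_TAG = re.compile(r"<\s*script[^>]*>", re.IGNORECASE)


def contains_script_tag(markup: str) -> bool:
    return SCRIPT_TAG.search(markup) is not None


if __name__ == "__main__":
    for label, value in (("attack", ATTACK_VALUE), ("benign", BENIGN_VALUE)):
        print(label, "vulnerable:", contains_script_tag(render_vulnerable(value)),
              "hardened:", contains_script_tag(render_hardened(value)))
```

The triage point from the reply still holds for the vulnerable version: because the injected value arrives in a cookie scoped to the target domain, a third-party page cannot plant it through an ordinary cross-site request, so this is a self-XSS rather than a cross-site one. Escaping the reflected value is still the right fix, since the same template bug would be fully exploitable if the value ever came from a query-string or POST parameter instead.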
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/