[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5f4333a90710201302y236e5d5dmd7d48248190b1dcb@mail.gmail.com>
Date: Sat, 20 Oct 2007 15:02:23 -0500
From: phioust <phioust@...il.com>
To: "full-disclosure@....hush.com" <full-disclosure@....hush.com>,
full-disclosure@...ts.grok.org.uk
Subject: Re: Cross Site Hacking Browser Injection Attack
Vulnerability Paradigms
You should email the former lorian of TESO as him and his dreamweaver expert
friends have already started great research into this subject. They spend
all day on the freenode webappsec channel discussing the latest and greatest
utf xss filter bypass vulnerabilities. Just imagine if gnucitizen (pdp
architect ) and the great lorian joined forces. They would put the
ambiguosly gay duo to shame!
On 10/20/07, full-disclosure@....hush.com <full-disclosure@....hush.com>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello friends,
>
> I am a PhD student writing my dissertation on cross site scripting
> related attacks, which I have learned is the true Achilles heel of
> Intraweb exploration technologies. One detail I am unable to find
> with the assistance of the Internet Wayback machine is when and
> what browsers first introduced these vulnerabilities.
>
> So,
>
> 1) What browser was first vulnerable to these attacks,
> 2) Who was the responsible developer,
> 3) How was this vulnerable mechanism replicated across all modern
> browsers,
> 4) Instead of patching individual XSS problems in random web-based
> piano tuning software, why aren't the serious security
> researchers[1] of this list working to develop better technologies
> to block the entire vulnerability class, like the PaX/w^x team has
> done[2], to raise the ante for computer security list posters
> around the world?
>
> Thanks for your help in advance.
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Charset: UTF8
> Version: Hush 2.5
>
> wpwEAQECAAYFAkcaWxwACgkQqTTbVuUWvbLPGgQAlzDzl4PTINCvlRdco/1zocWJbJyg
> CGfRjA6joWhUeRSwfeGvoNnulX3RbXLYePYcvrspZmVrM0mzj4q+tUCPm7Sh0eKfgof/
> NvZWCwVKOsaDTNZSgR7yS3QYJ3R+ekdQi/3nYz61iUFFBkbqi+F8KAQmAGtIcOQgp1EN
> R093Phw=
> =43if
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists