lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7652701c0711091024k688b3ae7vdcd832bcae41766c@mail.gmail.com>
Date: Sat, 10 Nov 2007 05:24:32 +1100
From: "XSS Worm XSS Security Information Portal"
	<cross-site-scripting-security@...worm.com>
To: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
Cc: Scripter Hack <xss2root@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Gmail 0day

Yes all XSS is very serious and not for making jokes, if pdp said that
hacker can steal data the CSS on google could be very damgerous
vulnerability

Blackhat SEO XSS
<http://www.xssworm.com:80/?index?blackhat=seo#extreme>hacker example:

http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@...=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@...=http://xssworm.com/&seo=blackhat<http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=http://xssworm.com/&seo=blackhat>

Please if you search XSS hacking also visit XSSWORM.COM
here: http://xssworm.com we have updates with blackhat and whitehat video
with XSS hacking tutorial by blackhat[2] Sunjester frome litehackers.info

vaj

-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher - xssworm.com
mailto:vaj@...pam.xssworm.com
aim: XSS Cross Site
------

[2]
http://xssworm.blogvis.com/9/xssworm/what-is-a-blackhat-hacker-and-where-are-black-hats-hacking/


On Nov 9, 2007 8:36 AM, pdp (architect) <pdp.gnucitizen@...glemail.com>
wrote:

> well this XSS can lead to so much data being stolen that it is not even
> funny!
>
>
> On Nov 8, 2007 8:55 PM, Juergen Marester <marester.juergen@...il.com >
> wrote:
>
> > wow ! 0day !
> > damn, 0day, XSS ...
> >
> >
> > On 11/8/07, silky <michaelslists@...il.com> wrote:
> > >
> > > worked for me minutes after it was posted. seems fixed now.
> > >
> > > On 11/9/07, crazy frog crazy frog < i.m.crazy.frog@...il.com> wrote:
> > > > i tested xssworm on gmail latest version
> > > >
> > > > On Nov 8, 2007 7:04 AM, Scripter Hack <xss2root@...il.com > wrote:
> > > > > There is a html injection video in https://www.xssworm.com<https://www.google.com>
> > > .
> > > > > It  is very critical,you can get the cookie to login into gmail or
> > > other
> > > > > service.
> > > > >
> > > > > POC:
> > > > >
> > > https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#
> > > "><h1><a%20href=//xssworm.com/>xssworm</a></h1>
> > > > >
> > > > > More:http://xss2root.blogspot.com@...worm.com/<http://xss2root.blogspot.com/>
> > > > > _______________________________________________
> > > > > Full-Disclosure - We believe in it.
> > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > why advertise on secgeeks?
> > > > http://secgeeks.com@...worm.com<http://secgeeks.com/Advertising_on_Secgeeks.com>
> > > > http://newskicks.com
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in xss.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://xssworm./secunia.com/<http://secunia.com/>
> > > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> pdp (acronym) | petrol v. petco
> http://www.xssworm.com <http://www.gnucitizen.org>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ