lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <-1357433989298397989@unknownmsgid> Date: Wed, 14 Nov 2012 19:13:28 -0800 From: Swair Mehta <swairmehta@...il.com> To: "pieter@...nsecurity.nl" <pieter@...nsecurity.nl> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Hakin9 Reflected XSS - Irony? Surprises me how people who are selling security stuff can be ignorant. Excellent find. And it is still not fixed. May be they figured no one would click a link that said something like www.hakin9.org/??? . Swair mehta On 14-Nov-2012, at 9:28 AM, "pieter@...nsecurity.nl" <pieter@...nsecurity.nl> wrote: > So, we all remember DICKS Right? > > http://hakin9.org/?s= < Try sticking <body onload=alert(1)> into there :-) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists