lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOuH4p0NPViR-ndV+u2zqqEnqnD-Xyv1ugMZhGbYoHbSgCReuw@mail.gmail.com> Date: Mon, 28 Jan 2013 11:51:44 +0100 From: Guifre <guifre.ruiz@...il.com> To: Michal Zalewski <lcamtuf@...edump.cx> Cc: ANTRAX <antrax.bt@...il.com>, Hispabyte HQH <fdkaos2000@...oo.es>, vuln@...unia.com, submissions@...ketstormsecurity.com, submit@...ecurity.com, full-disclosure@...ts.grok.org.uk, mr.inj3ct0r@...il.com, vuldb@...urityfocus.com, el-brujo@...acker.net Subject: Re: [0 Day] XSS Persistent in Blogspot of Google Hello, Agree with Michal. It is very interesting to get to know know new complex xss vulnerabilities. IMAHO, the issue here is claiming to have found a vulnerability without providing a PoC of how to use it to violate a security policy of the targeted service, probably because there are none, and therefore it's not a vulnerability but a feature. Regards, Guifre. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists