-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 InfoSecBOFH schrieb: > Cool... so give me a real world attack scenario with this....
How to inject arbitrary client side code into this application using this vulnerability is explained in the advisory. Web links to additional sources explaining XSS are provided, too. I do not think there is a requirement to provide proof that a vulnerability is exploitable to publish it. At least, I can't find this on the Full Disclosure charter. If you need more information on this vulnerability, I propose you aggregate it yourself, hire us or convince me to provide it for free. Moritz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDhfKWn6GkvSd/BgwRAjgoAJ0ctvWyFsC3C3fKCWGtPy4LNua5hQCeOIj/ G3ihCWhGUciVfT689HzzP+Y= =kO8I -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
