On 1/19/06, MuNNa <[EMAIL PROTECTED]> wrote: > > Hahaha ... native code doesnt seem to understand the meaning of Xss and why > it can be of security concern. Here not only url re-direction is possible
Why would he be concerned? The problem is that most sites on the internet suffer from XSS vulenrabilities, its just that nobody cares because there is nothing to gain from the sites. Nothing to gain you say? Yes. Let's take this site you posted about for example, I didn't look over the entire site, but glancing I don't even see anything which XSS would help you compromise. The site seemingly is all static content (minus a search, correct me if I'm wrong) with no e-mail portal, forums, or anything else that the XSS could be leveraged to gain access to. Since the site offeres no direct services (right?) what exactly could you trick people into doing here? The session cookie seems worthless since there's no login or anything... > but also execution of malicious javascripts is possible.Your Lame reply Which would be meaningful if: A) this site were used by millions of people B) there was something worth compromising the site for (like access to webmail, personal information, etc...) I think what I'm missing here is why this particular XSS is useful in any way shape or form? Am I missing something significant about this site? Do people trust it for something? > makes me think that you are one of the following: > 1.An employee of MBT criticising me in the interest of the company 'or' > 2.A poor spammer who doesnt know anything but tries to shows-off as if he is > the MASTER. If this is the case carry on with your spamming business and > good luck for your future. Isn't that what you are doing? -sb > > Regards; > Santosh J. > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
