Reading over this again let me clarify why I'm curious about this: 1) Yes I'm aware someone could redirect someone to a form claiming to be by MBT to harvest information 2) I just don't see the relevence to this list (if we reported every XSS in every site, we could fill this list with 100s of message per day)
Know what I mean? -sb On 1/20/06, Stan Bubrouski <[EMAIL PROTECTED]> wrote: > Well I'm not going to talk about how XSS is useless because we all > know it can be quite a serious problem. I think, and I don't know the > guy so I can't be sure, the original dissenter to this post was > pointing out that: > What would you phish from a site that doesn't have any forms anyways? > What would stealing a session cookie get you if the only dynamic > content is a search function? > > I'm not saying XSS isn't important, I'm just wondering why this case is? > > -sb > > On 1/20/06, Jerome Athias <[EMAIL PROTECTED]> wrote: > > Hey guy, do you know something about XSS > > 1) Phishing? > > 2) encoded URL, UTF8...? > > 3) cookie steal? > > ... > > > > it'll not be difficult to reproduce a website and have an url difficult > > to understand for a basic user... > > sure it's harder to spoof the url in the browser... > > // > > > > Native.Code a écrit : > > > What a lame vulnerability it is. If your POC redirects to another site > > > (which is not MBT site), how someone will become victim and believe that > > > he/she is doing business with MBT? > > > > > > Your post is yet another proof that FD is more and more inhibited by scipt > > > kiddies. Get a life! > > > > > > > > > --------------------------------------------------------------------------------------------------------- > > About FD: > > "Speech is silver, but silence is gold" > > > > > > /JA > > /https://www.securinfos.info/ > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
