RE: [Full-disclosure] excessive xss vulnerabilities

Edward Pearson Tue, 09 May 2006 01:34:25 -0700

Interesting, a JS keylogger! You should use XMLHTTP to post the info...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Swartzbaugh
Sent: 09 May 2006 00:35
To: [email protected]
Subject: [Full-disclosure] excessive xss vulnerabilities

there is a high volume of xss vulnerabilities on this list. take the next step to disclose why xss important for the affected program. for instance, creating a test case that does something privileged or malicious towards a visitor. in attempting to create a keystroke logger in _javascript_ i've found it drops random keystrokes (i think its a speed problem). and i would be interested in seeing more malicious _javascript_.

again please justify why xss is valuable in disclosures of these vulnerabilties
even if its just a cookie stealer, please show why an attacker would want those cookies or how he/she could use them to create a security issue.

thanks
feofil

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] excessive xss vulnerabilities

Reply via email to