XSS Worm XSS Security Information Portal wrote: > #!/bin/sh > > # 0day exploit for Paul Schmehl > # based on information provided by Paul Schmehl > # [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > # > > echo pauls > /hack/edu/utdallas.edu/known.addresses > > googledump.pl --email-addresses --context-links > --referers --extended-links -keywords "Paul","Schmehl","utdallas.edu > <http://utdallas.edu>", "pauls@", "[EMAIL PROTECTED] > ","paul.schmehl@" --verbose > > socialgrab.pl --known-address "[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>" --real-name "Paul Schmehl" > --tags=security,hacking,utdallas,vulnerability > --search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress > > --verbose --dump-links > > infopull.pl --pgp-search --whois --domaintools --usenet --trackers > --irclog --mirrors --listserv --known-addresses="[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>" > > echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu > > # http://xssworm.com HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA
> > > > > > On 11/19/07, *Paul Schmehl* <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > --On November 19, 2007 3:34:23 AM +0000 worried security > <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > > > The forth most important rule to becoming a security professional, > > always use a throw-away e-mail account so it doesn't matter of > script > > kids hi-jack your e-mail account with the next cross-site scripting > > vulnerablity that gets posted to the public mailing lists. > > > You forgot the most important rule of all. Pay no heed to bozos > who post > anonymously and don't even have a job in security. Their advice is > usually worth just as much as their reputation. > > Paul Schmehl ( [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ > <http://www.utdallas.edu/ir/security/> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > <http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > -- > Francesco Vaj [CISSP - GIAC] > CSS Security Researcher > mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > aim: XSS Cross Site > ------ > XSS Cross Site Scripting Attacks > Web 2.0 Application Security Information Blog (tm) 2007 > http://www.XSSworm.com/ > ------ > "Vaj, bella vaj. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
