MustLive, I can't see how this differs from normal XSS: the server returning unsanitized user input. Surely we don't need to classify each kind of XSS? In PHP, I use a function to write a PHP string into JS space safely; this works in this situation as well. So, how does your "discovery" affect my code at all? It isn't like I sanitize output into, say, an onload event but not on an onmouseover event, no?

Regards,
Christian Sciberras.

On Tue, Jan 5, 2010 at 6:49 PM, MustLive <[email protected]> wrote:

> Hello Jeff!
>
> As I said in previous letter, Happy New Year. And thanks for your attention to my article.
>
> > Do you consider yourself as an oz XSS ninja ?
>
> Not XSS ninja. They can't compare to me ;-).
>
> I just seriously do my work, when I'm researching any class of vulnerability (both stated and unstated in WASC TC v.1/v.2). It concerns as to XSS, as to other classes of vulnerabilities.
>
> > Did your C.V. ended in the OWASP trash bin ?
>
> No.
>
> > And how the fuck you came up with a nickname like that ?
>
> I see you became too interested in my person and have too much free time.
>
> It's a long story (from December 1998 when I created my pseudonym). No need to speak about it in security mailing list.
>
> > Let us know, we truly give a shit about your life, and xss.
>
> As I see you very like to write not serious letters. So, Jeff, take into account, that I have already added your email to my blacklist. So for you there is no need to worry to write me any letters.
>
> If you don't want to read my posts to mailing list you can do one of the following:
> 1) Do not read my posts.
> 2) Add my email to your filters to not receive them.
> 3) Unsubscribe from Full-Disclosure mailing list.
>
> And my recommendation for you: use your time more wiser.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message -----
> From: Jeff Williams
> To: MustLive
> Cc: [email protected]
> Sent: Monday, January 04, 2010 5:29 AM
> Subject: Re: [Full-disclosure] MouseOverJacking attacks
>
> Thanks for your wishes MustDie;
>
> Do you consider yourself as an oz XSS ninja ?
>
> Did your C.V. ended in the OWASP trash bin ?
>
> And how the fuck you came up with a nickname like that ?
>
> Let us know, we truly give a shit about your life, and xss.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
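
The approach mentioned in the reply at the top of this thread (one encoder for writing a PHP string into JavaScript, used the same way for every event handler), as an added example that is not part of the original message. The helper names `js_string` and `js_string_attr` are hypothetical and the input value is constructed.

```php
<?php
// Added example: helper names are hypothetical, input is constructed.

// Encode a PHP string as a JavaScript string literal. The JSON_HEX_* flags
// emit <, >, &, ' and " inside the value as \uXXXX escapes, so the value
// cannot terminate the literal or a surrounding <script> block.
function js_string(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// An event-handler attribute is HTML first and JavaScript second: the browser
// HTML-decodes the attribute value before executing it. The literal's own
// delimiting double quotes therefore still need HTML escaping.
function js_string_attr(string $value): string
{
    return htmlspecialchars(js_string($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input containing every character that matters in these contexts.
$name = "Bob' \"><b>& co";

// The same encoder is applied regardless of which handler receives the value.
printf("<body onload=\"greet(%s)\">\n", js_string_attr($name));
printf("<div onmouseover=\"greet(%s)\">hover</div>\n", js_string_attr($name));

// Inside a <script> block only the JavaScript layer applies.
printf("<script>greet(%s);</script>\n", js_string($name));
```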
