Not really. It it isn't exploitable in any sense of the word its not a vulnerability. It's akin to opening up firebug, writing the generic xss PoC and calling the site vulnerable :P I'd love to bash on these guys as much as you want to, but let it be a real vulnerability. If it is one, then kudos. On Dec 7, 2011 3:16 PM, "Tomy" <[email protected]> wrote:
> > it does not matter, it's about the fact that someone who publishes such a > newspaper should know his stuff.. > > Tomy > > > > Wiadomość napisana przez Gage Bystrom w dniu 8 gru 2011, o godz. 00:04: > > Nice, but is it stored? Or at least reflective? > On Dec 7, 2011 2:59 PM, "Tomy" <[email protected]> wrote: > >> >> still vulnerable: >> >> sample: >> http://pentestmag.com:80/wp-login.php?action=register<http://pentestmag.com/wp-login.php?action=register> >> (XSS) >> >> e-mail: >> [email protected]</sCrIpT><sCrIpT>alert(87118)</sCrIpT> >> >> >> LOL >> >> >> >> Wiadomość napisana przez xD 0x41 w dniu 7 gru 2011, o godz. 23:30: >> >> >> >> Tomy >> [email protected] >> >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > Tomy > [email protected] > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
