> > OGMMM WTFF 0DAY XSS > Sorry, getting a bit tired of these.
Well, the world is changing. You can probably do a lot more direct damage with a (legit) XSS in a high-value site than with a local privilege escalation in sudo. XSS reports are less actionable for the average reader, but full disclosure is probably still beneficial, in that it provides data points about the types of flaws a particular vendor happens to have, and the speed and quality of the deployed fixes. Of course, many of the XSS reports in knorr.com and similarly exciting destinations are zzzzzzzzzz... /mz
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
