more fun: why didn't you try: <http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E>
i think one can pass almost any xss there (citing http://www.trendmicro.com/en/about/profile/overview.htm : "Trend Micro Incorporated is a global leader in antivirus and Internet content security software and services....") do they test their "internet content security software" on their own pages? greetz knitti > Attention, that's joke-trash: > http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55745&VName=WORM_MSBLAST.G > http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.Z > You can change id's and names... > -mo- > -- > ====================================================================== > G.P > Online-Redaktion > =============================== > Kryptocrew > .: your security advisor team :. mailto:[EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
