<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: Re: BLOGGER XSS VULNERABILITY

Re: BLOGGER XSS VULNERABILITY

From: <Valdis.Kletnieks_at_vt.edu>
Date: Sun, 12 Aug 2007 22:18:09 -0400

On Sun, 12 Aug 2007 21:41:05 +0530, Susam Pal said:

> But I am the only one who is inserting the JavaScript in my blog. So,
> I'll end up stealing the cookies set for my domain. Why would I steal
> cookies set for my domain? I already know them because it is my website.

Obviously, your blog doesn't allow any users to comment...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

application/pgp-signature attachment: stored

Received on Aug 13 2007

This message: [ Message body ]
Next message: Susam Pal: "Re: BLOGGER XSS VULNERABILITY"
Previous message: Michal Zalewski: "Re: Firefox 2.0.0.6 Remote Variable Leakage vulnerability"
In reply to: Susam Pal: "Re: BLOGGER XSS VULNERABILITY"
Next in thread: Susam Pal: "Re: BLOGGER XSS VULNERABILITY"
Reply: Susam Pal: "Re: BLOGGER XSS VULNERABILITY"
Reply: Harry Muchow: "Re: BLOGGER XSS VULNERABILITY"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]