Full Disclosure: Re: First cross-domain XSS worm (not)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: First cross-domain XSS worm (not)

From: Valdis.Kletnieks () vt edu
Date: Mon, 16 Jul 2007 12:42:50 -0400

On Mon, 16 Jul 2007 16:51:22 BST, Berend-Jan Wever said:

without XMLHTTPRequest. I've been told that people saw XSS worms as early as
2000, but I have found no evidence to support this: let me know if you know
something.


It's quite possible that they were out there, but nobody noticed them because
nobody was *looking* for them.  At most sites, if it doesn't trip the IDS,
it literally never happened.  If your intrusion detection system only has
templates for mammals, a hell of a lot of alligators can wander through and
you'll never see one....

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

First cross-domain XSS worm (not) Berend-Jan Wever (Jul 16)
- Re: First cross-domain XSS worm (not) Valdis . Kletnieks (Jul 16)