Full Disclosure: Re: Netgear SSL312 XSS vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Netgear SSL312 XSS vulnerability

From: "Lolek of TK53" <lolek1337 () googlemail com>
Date: Thu, 18 Oct 2007 19:06:25 +0200

Yoyo,
On 10/17/07, rembrandt () jpberlin de <rembrandt () jpberlin de> wrote:

Dear SkyOut, dear Packetstorm team (tedd :)) and dear List.

The author brocke a NDA during the releasing of this "uber"-Advisory.

Skyout: What the fuck is wrong with u? Even ignoring our mails... wow?
We provided the Router, told him to take a look and he angreed to a NDA.

Do I care if you release a XSS? Hell no...
But I care if you accapted a NDA because of other internal things.

Did you found it by yourself? Well not realy... (We provided a router,
told you to take a look for XSS....) Is it uber-critical?


Lol whoever you are, you are going to do an NDA for an XSS in a router
firmware web interface?
I fail to see a real security issue ;D
Cheers
Lolek

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Netgear SSL312 XSS vulnerability SkyOut (Oct 13)
- Re: Netgear SSL312 XSS vulnerability rembrandt (Oct 18)
  - Re: Netgear SSL312 XSS vulnerability Lolek of TK53 (Oct 18)
- <Possible follow-ups>
- Re: Netgear SSL312 XSS vulnerability full-disclosure (Oct 18)
  - Re: Netgear SSL312 XSS vulnerability jpk (Oct 19)
- Re: Netgear SSL312 XSS vulnerability full-disclosure (Oct 19)
- Re: Netgear SSL312 XSS vulnerability full-disclosure (Oct 19)