On Fri, 18 Apr 2008 11:01:26 EDT, Joey Mengele said:
> I believe you are missing something. XSS is merely a type of
> vulnerability. It is very common for an XSS payload to include a
> DDoS component. If you had done your research before retorting you
> would have known this.
Yes, but although we have evidence that a DDoS of some sort is underway,
we have *ZERO*, *ZIP*, *ZILTCH*, *GOOSE-EGG* indication that an XSS was
involved. For all you know, it was an iframe injection into clients that
visited a compromised webserver that downloaded the DDoS tool.
Sounds more like a "textbook case of calling it an XSS because when you only
have a hammer everything looks like a nail".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- application/pgp-signature attachment: stored
Received on Apr 18 2008
Intro
