Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [OT] New online service to make XSSs easier
From: Benji <me () b3nji com>
Date: Mon, 7 May 2012 16:53:59 +0100

People using this service definitely wont be up to anything clever or
interesting, so it's barely a concern.

I mean really, this is useful?

On Mon, May 7, 2012 at 4:17 PM, Gage Bystrom <themadichib0d () gmail com> wrote:
Anyone visiting a compromised site can get the hash, meaning anyone
who is looking for it can find it and lets any random person(assuming
stored) visiting to be able to grab all the cookie values.

That's not even my personal concern. My concern is why should I trust
the owner? Whether you are a black hat, white hat, or myriad of other
assorted hats  you would be allowing sensitive information to sit on
this guy's server. How do we know he isn't silently making a copy of
all the data for his own ends? Simply we don't.

On Mon, May 7, 2012 at 6:03 AM,  <Valdis.Kletnieks () vt edu> wrote:
On Mon, 07 May 2012 02:27:33 +0530, karniv0re said:

And this is anonymous.. How??

Haven't checked, but if you set up the userid/password via Tor, should
be pretty anonymous.

http://www.getmycookie.com/view.m3?hash=<insert_hash_here>

And you get somebody else's hash value, how?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]