Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [0 Day] XSS Persistent in Blogspot of Google
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 27 Jan 2013 11:17:51 -0800

Sorry, getting a bit tired of these.

Well, the world is changing. You can probably do a lot more direct damage
with a (legit) XSS in a high-value site than with a local privilege
escalation in sudo.

XSS reports are less actionable for the average reader, but full disclosure
is probably still beneficial, in that it provides data points about the
types of flaws a particular vendor happens to have, and the speed and
quality of the deployed fixes.

Of course, many of the XSS reports in knorr.com and similarly exciting
destinations are zzzzzzzzzz...

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]