mailing list archives
Re: [0 Day] XSS Persistent in Blogspot of Google
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 27 Jan 2013 11:17:51 -0800
OGMMM WTFF 0DAY XSS
Sorry, getting a bit tired of these.
Well, the world is changing. You can probably do a lot more direct damage
with a (legit) XSS in a high-value site than with a local privilege
escalation in sudo.
XSS reports are less actionable for the average reader, but full disclosure
is probably still beneficial, in that it provides data points about the
types of flaws a particular vendor happens to have, and the speed and
quality of the deployed fixes.
Of course, many of the XSS reports in knorr.com and similarly exciting
destinations are zzzzzzzzzz...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: [0 Day] XSS Persistent in Blogspot of Google WHK Yan (Jan 22)