Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [0 Day] XSS Persistent in Blogspot of Google
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 27 Jan 2013 11:17:51 -0800


OGMMM WTFF 0DAY XSS
Sorry, getting a bit tired of these.


Well, the world is changing. You can probably do a lot more direct damage
with a (legit) XSS in a high-value site than with a local privilege
escalation in sudo.

XSS reports are less actionable for the average reader, but full disclosure
is probably still beneficial, in that it provides data points about the
types of flaws a particular vendor happens to have, and the speed and
quality of the deployed fixes.

Of course, many of the XSS reports in knorr.com and similarly exciting
destinations are zzzzzzzzzz...

/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]