|
Vulnerability Development
mailing list archives
Re: cross site scripting... is your site on this list
From: Dom De Vitto <dom () DEVITTO COM>
Date: Thu, 14 Dec 2000 23:14:59 -0000
Only if the site spits out 'trusted' information, a good example would be if it has https, cookies etc. Basically CSS
means you can make your pages look, and be trusted, a little like the site's own.
Dom
| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV () securityfocus com]On Behalf Of Ryan
| Yagatich
| Sent: 14 December 2000 04:57
| To: VULN-DEV () securityfocus com
| Subject: cross site scripting... is your site on this list
|
|
| This is a known problem with places... here is a list of servers i found
| that have this bug still... is your site on this list??
|
| http://www.freeasp.com
| http://hotbot.lycos.com
| http://www.go.com
| http://www.canada.com
| http://www.fireball.de
| http://www.funkycat.com
| http://www.worldlight.com
| http://www.searchit.com
| http://www.theatre-link.com (sort-of)
| http://www.1800ussearch.com
| http://www.monstercrawler.com
| http://search.wolfram.com
| http://www.lycos.com
| http://www.faqs.org
| http://search.icq.com
| http://www.looksmart.com
| http://www.godado.co.uk (shows full path to script... hrm...)
| http://www.lyricsearch.com
| http://www.computerservicenow.com
|
| until i find what the *real* threat is behind this, i have not
| notified any
| of these people... should i?
|
|
| ryan
|
| -----
| those who have no life are those who spend their time complaining about
| the ones being criticised
| -----
|
 By Date 
By Thread
Current thread:
|
Intro
