Full Disclosure mailing list archives

RE: excessive xss vulnerabilities

From: "Edward Pearson" <Ed () unityitservices co uk>
Date: Tue, 9 May 2006 09:33:02 +0100

Interesting, a JS keylogger! You should use XMLHTTP to post the info...

________________________________

From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
Christian Swartzbaugh
Sent: 09 May 2006 00:35
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] excessive xss vulnerabilities

there is a high volume of xss vulnerabilities on this list. take the
next step to disclose why xss important for the affected program. for
instance, creating a test case that does something privileged or
malicious towards a visitor. in attempting to create a keystroke logger
in javascript i've found it drops random keystrokes (i think its a speed
problem). and i would be interested in seeing more malicious javascript.

again please justify why xss is valuable in disclosures of these
vulnerabilties
even if its just a cookie stealer, please show why an attacker would
want those cookies or how he/she could use them to create a security
issue. 

thanks
feofil

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

excessive xss vulnerabilities Christian Swartzbaugh (May 08)
- Re: excessive xss vulnerabilities n3td3v (May 08)
- <Possible follow-ups>
- RE: excessive xss vulnerabilities Edward Pearson (May 09)
  - Re: excessive xss vulnerabilities bugtraq (May 09)