It took me until half the post to realize this wasn't posted by MusntLive but by the original MustLive. With a title like that, I assumed it was some kind of mockery. Sometimes reality is stranger than fiction...
On Sun, Jun 27, 2010 at 4:45 PM, MustLive <mustl...@websecurity.com.ua> wrote:
> Hello participants of Full-Disclosure!
>
> Additional information for those who read my article (and who still didn't
> they can do it) Redirectors: the phantom menace
> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>
> In addition to previous 12 attacks via open redirectors this year I added
> three new attacks (and soon would add more).
>
> To before-mentioned attacks the redirectors also can be used:
>
> - For conducting of XSS attacks via PDF files, which I wrote about in post
> regarding Script Injection in Adobe Acrobat
> (http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00049.html).
>
> - For conducting of DoS attacks on browsers via redirection to mailto: URL,
> which I wrote about in post DoS in Firefox, Internet Explorer, Chrome, Opera
> and other browsers (http://websecurity.com.ua/4206/). This concerns both
> open redirectors and closed redirectors
> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>
> - For bypassing of restrictions on URL at HTML Injection attacks,
> particularly Link Injection. As in case of vulnerability at news.yahoo.com
> (http://websecurity.com.ua/3723/). In contrast to bypass of protection
> filters at using of closed redirectors (attack #10), in this case not
> external redirector is using, but internal one (at this site, or at the site
> from allowed list).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
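A defensive check for two of the cases in the quoted message, the redirect to a mailto: URL and the link filter bypassed through a redirector on an allowed site, written as an added example that is not part of the thread. The host names, the allow-list, the depth limit and the function name `check_target` are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ALLOWED_HOSTS = {"news.example.com"}   # constructed allow-list for this example
ABSOLUTE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:|//)", re.I)  # "scheme:" or "//host"
MAX_DEPTH = 3                          # assumed limit on nested redirect targets


def check_target(url, depth=0):
    """Return (ok, reason) for a URL used as a link or redirect target."""
    url = url.strip().replace("\\", "/")   # browsers treat "\" like "/"
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False, "malformed"
    # Only web schemes pass: this is the check that rejects mailto: targets.
    if parts.scheme.lower() not in ("http", "https"):
        return False, "scheme"
    if host not in ALLOWED_HOSTS:
        return False, "host"
    if depth >= MAX_DEPTH:
        return False, "nesting"
    # An allowed host may itself run a redirector, so every query value that
    # looks like an absolute URL has to pass the same checks. This is strict
    # by design: any "word:" value in the query is treated as a URL.
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if ABSOLUTE.match(value.strip()):
            ok, reason = check_target(value, depth + 1)
            if not ok:
                return False, "nested-" + reason
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (
        "https://news.example.com/story?id=1",
        "mailto:someone@example.org",
        "https://news.example.com/r?url=https%3A%2F%2Fother.example.net%2F",
        "https://news.example.com/r?url=mailto:someone@example.org",
    ):
        print(sample, check_target(sample))
```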