On Sat, Apr 16, 2011 at 07:56:18PM -0500, security curmudgeon wrote: > > : SecurityVulns ID: 11310. > > : XSS (WASC-08): > : > : > http://site/console/forget.php?e_mail=%3Cscript%3Ealert(document.cookie)%3C/script%3E&seenform=y > > How many times are you going to disclose this? > > http://seclists.org/bugtraq/2010/Jun/189 > > http://seclists.org/fulldisclosure/2010/Aug/306 > > http://seclists.org/fulldisclosure/2010/Dec/465 > > The June disclosure has a timeline indicating you had "announced" it > almost two years prior to that: > > 21.11.2007 - found some of these vulnerabilities. > 11.08.2008 - announced at my site. > 11.08.2008 - informed admins of web site. > 11.08.2008 - found others of these vulnerabilities. > 11.02.2009 - disclosed at my site about first vulnerabilities. > 05.05.2009 - disclosed at my site about other vulnerabilities. > 06.05.2009 - informed admins of web site about other vulnerabilities. > 18.06.2010 - disclosed at my site about vulnerabilities in eSitesBuilder > (after I found that they concerned with eSitesBuilder). > 19.06.2010 - informed developers (in case if owners of vulnerable site > didn't informed them in previous years). > > Seriously, how long can you milk a single XSS here? > > : 2010.10.08 - announced at my site. > : 2010.10.08 - informed developers. > : 2010.12.16 - disclosed at my site. > : > : I mentioned about these vulnerabilities at my site > : (http://websecurity.com.ua/4588/). > > http://websecurity.com.ua/4300/ > > Several times, yes you did.
You are wasting your time. Mustlive is a idiot :) Best regards, Henri _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
