If you all think XSS, even reflected or DOM-based sucks..probably you don't know the BeEF project. I would suggest you to take a look at http://beefproject.com , try it, and see yourself what you can do :-) Cheers antisnatchor On 10 Oct 2011 02:56, "xD 0x41" <sec...@gmail.com> wrote:
> YEP! > When ya do it right, dang right it is! > > I did never reproduce the EXACT ethod wich made the x41's happen... but, i > dun really care for that bug, or you call it a feature..well, i dont know > feratures wich have x41's al;l over the emails when made in a special way... > so, it was low-level to :) > anyhow, no, i wont bother to recreate the email body, without using any > 'features' of googles, for you. > It is possible to exploit rich text editor, i have said.. the dll itself.. > so maybe go investigate and stfu :) > now back to the backdoor. > > > > > On 10 October 2011 11:23, adam <a...@papsy.net> wrote: > >> Yeah guys, XSS is nonsense. Exploiting anchor text is where it's at, right >> secn3t? >> >> http://seclists.org/fulldisclosure/2011/Jun/215 >> >> On Sun, Oct 9, 2011 at 7:10 PM, xD 0x41 <sec...@gmail.com> wrote: >> >>> No, i have been through these, and only an idiot would fall for any of >>> these attacks... Persistent XSS maybe harder, but, forget the rest :) >>> Im to old for that. >>> Never been a victim yet, in *any* way, and, certainly, those bugs wont be >>> starting a trend.. >>> cheer. >>> xd >>> >>> >>> >>> On 10 October 2011 10:27, <valdis.kletni...@vt.edu> wrote: >>> >>>> On Mon, 10 Oct 2011 09:36:17 +1100, xD 0x41 said: >>>> >>>> > No,... and am happy not to know :-) , like XSS , i do not waste time >>>> with >>>> > ninoritiy bugs such as 'clickjacking' and these new such terms wich >>>> are >>>> > total BS. >>>> >>>> It's all total BS till you discover you're a victim of the attack. >>>> >>> >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
