A general question: is it legal to search for XSS vulnerabilities on custom websites?

Julien

On 02/08/2012 04:37 PM, Packet Storm wrote:
> On Tue, Feb 07, 2012 at 06:18:24PM -0500, b wrote:
>> What is the point of posting notifications of XSS vulnerabilities in
>> specific web sites instead of alerts of xss vulns in specific software
>> packages?
>>
>> This question was prompted by all the postings by that vulnerability lab
>> stuff.
> In some cases, a cross site scripting vulnerability in a given site can
> affect a large user base and the code is custom to the business. As an
> example, a cross site scripting issue in gmail is probably more catastrophic
> than a cross site scripting vuln in some half-rate CMS. Not to mention
> there's the other situation where small website design shops repackage other
> open source code, brand it as part of their offering, and never provide
> updates to their customers. The Internet is a mess. $0.02
>
> -Todd
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/