The reason an attacker will go for XSSED.com instead of providing their
own database is that XSSED has a bigger audience and the chances of
someone contributing a new vector are higher. Web 2.0 is all about
segmenting services into small, independent but very useful blocks. So,
why bother creating a new dat

I agree. Well, you already explained this problem some weeks ago and I got
a bit upset thinking about it, as seeing bad guys using our site is the
last thing I'd like to see. But you're right on this point. I think that
your explanation could apply to other kinds of vulnerabilities with other
web si

Dear Petko D. Petkov,
I don't know if it was your intention, but you're giving a bad name to
xssed.com, whose goal is to organize the public XSS vulnerabilities, make
statistics, and first of all to spread education about XSS
vulnerabilities. While the scenario you describe is somehow possible, it

http://www.gnucitizen.org/blog/the-next-super-worm
In this article I explain a technique that can be used by malicious
minds to build the next generation of JavaScript-based malware. The
post is for educational purposes and I welcome everyone who has ideas
how to stop these types of attacks to do so