Re: [Full-disclosure] UNSUBSCRIBE
Do you know how to use a list? Do you think there are a bunch of monkeys sitting at the other end of the list who are constantly monitoring who sends what and would unsubscribe someone as soon as they see a post with UNSUBSCRIBE message? No! You need to unsubscribe using a well defined procedure. Do you know how to use Google or are you a clown who escaped from the village circus? On 10/9/07, sushil Agarwal [EMAIL PROTECTED] wrote: UNSUBSCRIBE please dont send me any mail now onwards ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
V - EXPLOIT CODE An exploit for this vulnerability has been developed but will not released to the general public at this time. Don't ever release that to general public. Why would we like to run rm -rf / in such a funny way? I can type the command in the shell if all I want to do is attack myself. ;-) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] BLOGGER XSS VULNERABILITY
Comments do not allow javascript. Safe!!! On 8/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Sun, 12 Aug 2007 21:41:05 +0530, Susam Pal said: But I am the only one who is inserting the JavaScript in my blog. So, I'll end up stealing the cookies set for my domain. Why would I steal cookies set for my domain? I already know them because it is my website. Obviously, your blog doesn't allow any users to comment... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] HomestayFinder XSS Vulnerability in Wikipedia Mirror
It works for me. JS enabled in your browser? On 7/11/07, Matjaz Debelak [EMAIL PROTECTED] wrote: Well, it does not appear to work for me in any browser (tested Firefox 2.0.0.3 and Konqueror). LP Killer_X Susam Pal wrote: There is an XSS vulnerability in HomestayFinder's 'Dictionary.aspx' script which is responsible for mirroring the content of Wikipedia. I found this interesting because here a script injected in one website exploits an XSS vulnerability in another website. I am including only a short example to demonstrate the issue. The complete document is available at:- http://susam.in/security/advisory-2007-07-11.txt http://en.wikipedia.org/wiki/User:Susam_pal/Sandbox consists of the following as the source wiki markup: scriptalert('XSS Demo')/script http://www.homestayfinder.com/Dictionary.aspx?q=User:Susam_pal/Sandbox consists of the same code as HTML without the special characters encoded as HTML entities. Hence, the script is executed on the browser of the visitor. Contact Information:- Susam Pal [EMAIL PROTECTED] http://susam.in/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] HomestayFinder XSS Vulnerability in Wikipedia Mirror
http://www.homestayfinder.com/Dictionary.aspx?q=User:Susam_pal/Sandbox now redirects to http://www.inglesnoexterior.com/dictionary.aspx?q=User:Susam_pal/Sandbox Vulnerable script moved to another domain. To protect the cookies of homestayfinder.com??? Wondering whether this kinda attack would be called persistent XSS or something else? This is a case where the attack vector goes into one site and the vector exploits another site. How to classify this? On 7/11/07, Susam Pal [EMAIL PROTECTED] wrote: Hi Matjaz, I just checked it and I find it to be working with the browsers I have (tested with Firefox 2.0.0.3 and Internet Explorer 7). http://www.homestayfinder.com/Dictionary.aspx?q=User:Susam_pal/Sandbox demonstrates the vulnerability. http://en.wikipedia.org/wiki/User:Susam_pal/Sandbox is the page where the script is hosted. The script present in Wikipedia exploits the XSS vulnerability in HomestayFinder's Dictionary.aspx script. Regards, Susam Pal Matjaz Debelak writes: Well, it does not appear to work for me in any browser (tested Firefox 2.0.0.3 and Konqueror). LP Killer_X Susam Pal wrote: There is an XSS vulnerability in HomestayFinder's 'Dictionary.aspx' script which is responsible for mirroring the content of Wikipedia. I found this interesting because here a script injected in one website exploits an XSS vulnerability in another website. I am including only a short example to demonstrate the issue. The complete document is available at:- http://susam.in/security/advisory-2007-07-11.txt http://en.wikipedia.org/wiki/User:Susam_pal/Sandbox consists of the following as the source wiki markup: scriptalert('XSS Demo')/script http://www.homestayfinder.com/Dictionary.aspx?q=User:Susam_pal/Sandbox consists of the same code as HTML without the special characters encoded as HTML entities. Hence, the script is executed on the browser of the visitor. Contact Information:- Susam Pal [EMAIL PROTECTED] http://susam.in/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/