XSSShell looks like the one I was thinking of, though BeEF looks
interesting, too. Thanks!
On Mon, Jun 16, 2008 at 8:50 AM, Tim Brown [EMAIL PROTECTED] wrote:
On Monday 16 June 2008 12:26:48 Hanno Böck wrote:
On Wednesday 11 June 2008, Aaron Katz wrote:
Several months ago
Hi all,
Several months ago, there was a post about a proof of concept for complete
browser hijacking via XSS. IIRC, the hijacked browser would periodically
query a management server, and the management server would track the
hijacked browsers in a database. The person controlling the management
AM, Aaron Katz wrote:
Could you please explain the vulnerability? When I test, and I submit
a correct response to the CAPTCHA, I'm presented with knowledge based
authentication.
The bug, unless Google fixed it already, will have an effect on your
GMail account, but has nothing to do
Could you please explain the vulnerability? When I test, and I submit
a correct response to the CAPTCHA, I'm presented with knowledge based
authentication.
--
Aaron
On Dec 7, 2007 1:58 AM, Kristian Erik Hermansen
[EMAIL PROTECTED] wrote:
Proof of concept here...
Note that, by editing NoScript's whitelist, removing google.com, and
adding mail.google.com, I can browse to
http://www.kristian-hermansen.com without having my cookie killed.
On Dec 7, 2007 2:59 PM, Aaron Katz [EMAIL PROTECTED] wrote:
Oh! OK. In that case, yeah, I can reproduce
Oh! OK. In that case, yeah, I can reproduce it, no problem :)
-- Forwarded message --
From: Ed Carp [EMAIL PROTECTED]
Date: Dec 7, 2007 2:57 PM
Subject: Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
To: Aaron Katz [EMAIL PROTECTED]
Oh! You need to go
FD is monitored by every major LEA in the world. Posting here is a
good way to notify all of them at once.
So, by your argument, I should send every spam, the first time I see
it, to full-disclosure. I'm sure that will be particularly useful.
Please drop this now. Posting the fulltext of
On 11/2/07, lsi [EMAIL PROTECTED] wrote:
Actually, it would hurt my wallet, and waste my time, compounding the
loss already incurred by receiving the spam in the first place.
But it's worth your time to forward spam to everyone on the
Simply put, it's evidence of a crime. The mail
Actually, it would hurt my wallet, and waste my time, compounding the
loss already incurred by receiving the spam in the first place.
But it's worth your time to forward spam to everyone on the
full-disclosure mailing list.
Also, if you really believed that it might come from his campaign,
the spam, which is unlikely
but certainly newsworthy if so. All of these unlikelies got me
curious...
Stu
On 28 Oct 2007 at 12:04, Aaron Katz wrote:
Date sent: Sun, 28 Oct 2007 12:04:13 -0400
From: Aaron Katz [EMAIL PROTECTED]
To: [EMAIL