Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF

2012-03-27 Thread klondike
On 26/03/12 13:37, Damien Cauquil wrote: > Hi klondike, > > > > PS: What I wonder now is, are the guys behind the CTF reading > Full-disclosure? > > I guess you now have your answer. > > > The guys have a cool XSS injection on the fake webmail service which > can be exploited with a properly cra

Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF

2012-03-26 Thread majinboo
BTW last vuln' was also fixed during the prequals. MajinBoo On 26/03/12 13:37, Damien Cauquil wrote: Hi klondike, > PS: What I wonder now is, are the guys behind the CTF reading Full-disclosure? I guess you now have your answer. > The guys have a cool XSS injection on the fake webmail

Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF

2012-03-26 Thread Damien Cauquil
Hi klondike, > PS: What I wonder now is, are the guys behind the CTF reading Full-disclosure? I guess you now have your answer. > The guys have a cool XSS injection on the fake webmail service which can be exploited with a properly crafted subject You're right, and it has been fixed during the

Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF

2012-03-23 Thread klondike
On 24/03/12 05:27, klondike wrote: > So I was bored with the nuit du hack prequals and decided to test a > bit the e-mail service. > > The guys have a cool XSS injection on the fake webmail service which > can be exploited with a properly crafted subject (i.e. > alert('Hello!'); ). I thought the