Re: [Full-disclosure] news XSS on paypal.com

2006-07-24 Thread Javor Ninov
[EMAIL PROTECTED] wrote:
> This is such scenario we should see in the poc and not a usual boxe
> spamming a website ... This does not really alert a web admin I think.
If this not alerts a web admin ... then nothing can't alert him. Once ago I showed a /etc/passwd to a site admin and his reactio

Re: [Full-disclosure] news XSS on paypal.com

2006-07-23 Thread [EMAIL PROTECTED]
This is such scenario we should see in the poc and not a usual boxe spamming a website ... This does not really alert a web admin I think. Thanks anyway for the information.
php0t wrote:
> If it works, then you can plant iframes in popular websites so that when somebody visits them and they

RE: [Full-disclosure] news XSS on paypal.com

2006-07-23 Thread php0t
If it works, then you can plant iframes in popular websites so that when somebody visits them and they happen to be logged on to paypal at the same time, the injected javascript could make a transaction using the victim's (visitor's) credentials. This can all happen without alerting the user. (T

Re: [Full-disclosure] news XSS on paypal.com

2006-07-23 Thread [EMAIL PROTECTED]
I wonder what is interesting in this, usually a poc shows us we can upload a crafted webpage on a vulnerable website, fake a whole webpage, etc, this link doesn't speak much than the noob who found it.
Pigrelax wrote:
> Hi!
> From Russia Security Site: http://www.securitylab.ru/news/270837.php N

[Full-disclosure] news XSS on paypal.com

2006-07-23 Thread Pigrelax
Hi!
From Russia Security Site: http://www.securitylab.ru/news/270837.php
New worked XSS on paypal.com: www.paypal.com/cgi-bin/webscr?cmd=p/gen/-->alert('www.securitylab.ru')
really work :)