Russell Jones wrote:

I had to do it - did you check out my site http://www.xssfools.com ?

I trust that you brought the XSS bugs to the attention of the authors of the various websites? There are far more devious and irresponsible things to be done with XSS, and your site is essentially providing a fast and easy template to exploit known bugs with their websites. That's all well and good, imho, if you at least sent an email to the appropriate contact emails, and they acknowledged it's a bug and don't care. I'm sure I don't need to point out some of the potentially bad things that can be done with XSS, from site-cookie stealing to attempting to fool the admins into visiting the URL to steal passwords / elevated privileges, confidence schemes, email address harvesting (from logged-in users), etc, etc.

Please, tinker.  But tinker responsibly.
Aaron S. Joyner
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
