Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting

from [Moritz Naumann] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting
Date: Thu, 24 Nov 2005 18:04:22 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

InfoSecBOFH schrieb:

Cool... so give me a real world attack scenario with this....


How to inject arbitrary client side code into this application using
this vulnerability is explained in the advisory. Web links to additional
sources explaining XSS are provided, too.

I do not think there is a requirement to provide proof that a
vulnerability is exploitable to publish it. At least, I can't find this
on the Full Disclosure charter.

If you need more information on this vulnerability, I propose you
aggregate it yourself, hire us or convince me to provide it for free.

Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDhfKWn6GkvSd/BgwRAjgoAJ0ctvWyFsC3C3fKCWGtPy4LNua5hQCeOIj/
G3ihCWhGUciVfT689HzzP+Y=
=kO8I
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Re: FD list, Phrack High Council
Next by Date:  Re: [Full-disclosure] Re: FD list, Dude VanWinkle
Previous by Thread:  Re: [Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting, InfoSecBOFH
Next by Thread:  [Full-disclosure] OTRS 1.x/2.x Multiple Security Issues, Moritz Naumann
Indexes:  [Date] [Thread] [Top] [All Lists]