[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Hakin9 Reflected XSS - Irony?

To: "pieter@xxxxxxxxxxxxxxx" <pieter@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Hakin9 Reflected XSS - Irony?
From: Swair Mehta <swairmehta@xxxxxxxxx>
Date: Wed, 14 Nov 2012 19:13:28 -0800

Surprises me how people who are selling security stuff can be ignorant.

Excellent find. And it is still not fixed.
May be they figured no one would click a link that said something like
www.hakin9.org/??? .

Swair mehta

On 14-Nov-2012, at 9:28 AM, "pieter@xxxxxxxxxxxxxxx"
<pieter@xxxxxxxxxxxxxxx> wrote:

> So, we all remember DICKS Right?
>
> http://hakin9.org/?s= < Try sticking <body onload=alert(1)> into there :-)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Hakin9 Reflected XSS - Irony?
  - From: pieter

Prev by Date: Re: [Full-disclosure] Skype account + IM history hijack vulnerability
Next by Date: [Full-disclosure] (no subject)
Previous by thread: [Full-disclosure] Hakin9 Reflected XSS - Irony?
Next by thread: [Full-disclosure] linux rootkit in combination with nginx
Index(es):
- Date
- Thread