[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] XSS on public PGP servers

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] XSS on public PGP servers
From: John Strander <tech.pain@xxxxxxxxxx>
Date: Sat, 22 Oct 2016 23:14:14 -0600

<div>This isn't a top story news flash or anything, but I was doing a search 
for someone's PGP key and dI iscovered a bunch of XSS on several of the public 
key servers:</div><div> </div><div><a 
href="http://pgp.mit.edu/pks/lookup?search=ckers&amp;op=index";>http://pgp.mit.edu/pks/lookup?search=ckers&amp;op=index</a></div><div>
 </div><div><a 
href="https://sks-keyservers.net/pks/lookup?op=vindex&amp;search=ckers";>https://sks-keyservers.net/pks/lookup?op=vindex&amp;search=ckers</a></div><div>
 </div><div> </div>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] New release: UFONet v0.8 - "U-NATi0n!"
Next by Date: [FD] Security Vulnerability : Cisco web site CSRF in change password lead to full account take over
Previous by thread: [FD] New release: UFONet v0.8 - "U-NATi0n!"
Next by thread: [FD] Security Vulnerability : Cisco web site CSRF in change password lead to full account take over
Index(es):
- Date
- Thread