Full Disclosure mailing list archives
Re: posting xss notifications in sites vs software packages
From: Info <info () inshell net>
Date: Wed, 08 Feb 2012 17:30:18 +0100
A general question: is it legal to search for XSS vulnerabilities on custom websites ? Julien On 02/08/2012 04:37 PM, Packet Storm wrote:
On Tue, Feb 07, 2012 at 06:18:24PM -0500, b wrote:What is the point of posting notifications of XSS vulnerabilities in specific web sites instead of alerts of xss vulns in specific software packages? This question was prompted by all the postings by that vulnerability lab stuff.In some cases, a cross site scripting vulnerability in a given site can affect a large user base and the code is custom to the business. As an example, a cross site scripting issue in gmail is probably more catastrophic than a cross site scripting vuln in some half-rate CMS. Not to mention there's the other situation where small website design shops repackage other open source code, brand it as part of their offering, and never provide updates to their customers. The Internet is a mess. $0.02 -Todd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- posting xss notifications in sites vs software packages b (Feb 08)
- Re: posting xss notifications in sites vs software packages Luis Santana (Feb 08)
- Re: posting xss notifications in sites vs software packages Packet Storm (Feb 08)
- Re: posting xss notifications in sites vs software packages Info (Feb 08)
- Re: posting xss notifications in sites vs software packages Valdis . Kletnieks (Feb 08)
- Re: posting xss notifications in sites vs software packages Luis Santana (Feb 08)
- Re: posting xss notifications in sites vs software packages Info (Feb 10)
- Re: posting xss notifications in sites vs software packages Info (Feb 08)
- Re: posting xss notifications in sites vs software packages Greg Knaddison (Feb 08)