WebApp Sec mailing list archives
Re: myspace hack
From: Disco Jonny <discojonny () gmail com>
Date: Sat, 15 Oct 2005 05:11:37 +0100
I'm bored with this now... what started as a meaningful discussion has degenerated into "I say tom-art-o, you say ta-mate-oo".

Why haven't you gotten past the point of caring? A decent thread has degenerated into nobbish semantics.

"What's in a name? That which we call a rose by any other name would smell as sweet." -William Shakespeare

CHEERS THEN,
S.

social engineering, the way of life. (can we have a SE list? no? didn't think so...)

Before 10/15/05 I am sure some people wrote:
I've heard people call it many names - one is Same Site Scripting.

javascript he embedded in the profile,

I personally like to use Same Domain Scripting

I coined the term Same Site Scripting

"stored xss"

It would make more sense if this was called "script injection"

This attack _is_ a classic example of Cross Site Scripting

This seems like it is an embedded XSS attack

excellent example of an XSS virus.

Cross Site Request Forgery attack (also known as a session riding attack)

just finished reading about XSS. So this is of special interest.