[Full-Disclosure] exploitlabs.com XSS hole someone better beware!

From: dnvat_private
Date: Tue Jul 22 2003 - 02:32:22 PDT

    Vunerability(s):
    ----------------
    1. Remote / Local XSS SCRIPT EXECUTION!!
    
    
    Product:
    --------
    super cool script by moroning_wood, my m3nt0r in teh XSS style!!
    
    
    Description of product:
    -----------------------
    
    no need for description!! mornining_wood is world renowned XSS pioneer
    ninja all world know that! 
    
    
    VUNERABILITY / EXPLOIT
    ======================
    
    NO NEED to rip other peoples code this time, this can be done with a
    browser, 
    i tested with mozilla iexplore 3/4/5/6 and oppera i like oppera.
    
    http://exploitlabs.com/thecore/?>alert('document.location')</script>
    
    -------------------------------^^^^^^^^^^^^XSS STYLE! MORONING_WOOD TEACH
    ME!!!
    
    Local:
    ------
    yes ai run from our kompanie webserver!
    
    Remote:
    -------
    yes a lot!
    
    
    Vendor Fix:
    -----------
    No fix on 0day besides this is too cool to fix i like practicing on moroning_wood
    server!!
    
    
    Vendor Contact:
    ---------------
    no because donnie weiner is sleeping and he taught me all XSS i know
    so he must know himself.
    
    
    Credits:
    --------
    DNV 
    dnvat_private
    http://www.ibeatmymeat.dk
    
    remember again all you people I AM THE BEST HACKER IN DENMARK!!! AND
    YES TCPDUMB I WAS AT CCC YOU JUST NOT KNOW ME BECAUSE I HIDE UNDERCOVER
    LIKE reaL HaCkERS!
    
    http://exploitlabs.com/thecore/?>alert('document.location')</script>
    
    
    
    


