
List:       full-disclosure
Subject:    Re: [Full-disclosure] Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site
From:       "Zach C." <fxchip () gmail ! com>
Date:       2011-06-28 8:04:03
Message-ID: BANLkTik9dhXqDx5o_aA8kn+Apvfiookjkg () mail ! gmail ! com


On Mon, Jun 27, 2011 at 8:04 PM, YGN Ethical Hacker Group <lists@yehg.net> wrote:

>
> The XSS results are from purely blackbox scan on Mambo 4.6.5.
>
>
Wait, so you're telling me that you're running some program to find these
and then just reporting the results to this list? If so, please give some
credit to the program's author for actually finding these!

Or, if you mean you're just blindly throwing XSS attacks at random variables
hoping to find one that sticks... well, why hasn't a script been written for
this yet? (Or if one has, what's it called?)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
