Slightly hard to understand what you're saying but I think I get the point. Reminds me of a quote from someone "No self respecting hacker would use Wordpress". Can't remember where I read that.

On Dec 7, 2011 3:41 PM, "xD 0x41" <[email protected]> wrote:
> ah k, i have not really looked at it but ye, xss has never ranked too
> highly with me... but, i guess if it were to be defaced, then people
> would probably call it *hacked* lol... i guess people don't get it yet,
> no one uses their web box, as their actual, 'safe' box...not anyone i
> know.....
> anyhow ye.. i don't know much in the area, but, i'd hate to be pwnd thru
> a login.php :s
>
> 2011/12/8 Gage Bystrom <[email protected]>:
> > Not really. If it isn't exploitable in any sense of the word, it's not a
> > vulnerability. It's akin to opening up firebug, writing the generic xss PoC
> > and calling the site vulnerable :P I'd love to bash on these guys as much as
> > you want to, but let it be a real vulnerability. If it is one, then kudos.
> >
> > On Dec 7, 2011 3:16 PM, "Tomy" <[email protected]> wrote:
> >>
> >> it does not matter, it's about the fact that someone who publishes such a
> >> newspaper should know his stuff..
> >>
> >> Tomy
> >>
> >> Message written by Gage Bystrom on 8 Dec 2011, at 00:04:
> >>
> >> Nice, but is it stored? Or at least reflective?
> >>
> >> On Dec 7, 2011 2:59 PM, "Tomy" <[email protected]> wrote:
> >>>
> >>> still vulnerable:
> >>>
> >>> sample:
> >>> http://pentestmag.com:80/wp-login.php?action=register (XSS)
> >>>
> >>> e-mail:
> >>> [email protected]</sCrIpT><sCrIpT>alert(87118)</sCrIpT>
> >>>
> >>> LOL
> >>>
> >>> Message written by xD 0x41 on 7 Dec 2011, at 23:30:
> >>>
> >>> Tomy
> >>> [email protected]
> >>>
> >>> _______________________________________________
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >> Tomy
> >> [email protected]
