[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Netscape.com persistent XSS attack

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] Netscape.com persistent XSS attack
Date: Wed, 26 Jul 2006 15:45:22 -0700

I caught this first on RSnake's blog. Netscape.com's newly launched user-driven service (Digg-like) has suffered a persistent cross-site script (XSS) attack. They've since fixed the vulnerability, but not before some choice screenshots were taken of JavaScript alert messages. Addition URL references below.

*OBSCENITY WARNING*

Netscape.com XSSed Due to Failure to Act http://ha.ckers.org/blog/20060726/netscapecom-xssed-due-to-failure-to- act/

AOL Fixes Netscape.com XSS Hack http://www.betanews.com/article/AOL_Fixes_Netscapecom_XSS_Hack/ 1153940441

NetScape.com - JavaScript Exploit Embaressment
http://www.threadwatch.org/node/7714

Netscape.com hacked
http://www.f-secure.com/weblog/archives/archive-072006.html#00000927
http://www.f-secure.com/weblog/archives/Netscape1.jpg
http://www.f-secure.com/weblog/archives/Netscape2.jpg

http://flickr.com/photos/shrikant/198733894/


Regards,

Jeremiah Grossman
CTO, WhiteHat Security
www.whitehatsec.com

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Prev by Date: [WEB SECURITY] ERRATA (Re: [WEB SECURITY] Write-up by Amit Klein: "Forging HTTP request headers with Flash")
Next by Date: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
Previous by thread: [WEB SECURITY] HttpOnly and Firefox
Next by thread: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site