[Full-disclosure] BLOGGER XSS VULNERABILITY

Susam Pal susam at susam.in
Mon Aug 13 06:39:02 BST 2007

Previous message: [Full-disclosure] DEFCON 15 and Blackhat 2007 presentations iso CDs ?
Next message: [Full-disclosure] CNN.com XSS hacked
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Aug 13, 2007 7:48 AM +0530 Valdis.Kletnieks at vt.edu said:
>
> Obviously, your blog doesn't allow any users to comment...

Even if a blog allows users to comment, it is still not a
vulnerability. As per the report, blogspot.com allows the
JavaScript in the blog. JavaScript is *not* allowed in the
comments.

Regards,
Susam Pal
http://susam.in/

Previous message: [Full-disclosure] DEFCON 15 and Blackhat 2007 presentations iso CDs ?
Next message: [Full-disclosure] CNN.com XSS hacked
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Full-Disclosure is hosted and sponsored by Secunia.