[Full-disclosure] nVidia.com [Url Redirection flaw]
rjcamarero at gmail.com
Thu Mar 26 16:38:16 GMT 2009
I shall count the seconds it take for Mr. Mac.User to switch internet pages
to go to Mr. Lincoln's gmail and write a reply to himself: 1, 2, finish it
On Thu, Mar 26, 2009 at 12:34 PM, <mac.user at mac.hush.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> My favourite sort of internet personality is one that trolls
> grammar nazis in their well structured insults against the
> intelligence of others. Bravo my friend.
> On Thu, 26 Mar 2009 01:09:38 -0400 Rubén Camarero
> <rjcamarero at gmail.com> wrote:
> >_You_ are two dim to imagine that this issue is more like a bug
> >than a
> >vulnerability. If _you_ did try to imagine it, your head would
> >explode and xssme would ooze out.
> >On Thu, Mar 26, 2009 at 12:42 AM, Nick FitzGerald
> ><nick at virus-l.demon.co.uk>wrote:
> >> Rubén Camarero wrote:
> >> > What great references. Owasp isn't the king of vulnerability
> >> of
> >> > course a website named XSSed is going to count this as super
> >serious, and
> >> > while I respect Insecure.. these days, people have exploited
> >web bugs to
> >> > their max (and I'm waiting for more), but they aren't directly
> >> > DIRECTLY is the key word.
> >> No, but just because this kind of vulnerability is "only"
> >> serious dosen't mean that they aren't serious.
> >> Just because _you_ are too dim to imagine a way that someone can
> >> significantly from exploiting this does not mean that there are
> >not such
> >> methods, NOR that use of such exploits won't "damage" nVidia.
> >> Whether nVidia (and others affected by so many similar
> >> will see this and decide to take action is what really matters.
> >In this
> >> regard, I certainly hope that you do not work for, or consult
> >with, or
> >> otherwise represent the view of nVidia on this issue.
> >> Regards,
> >> Nick FitzGerald
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >Rubén Camarero
> >CCNA, CISSP
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
> -----END PGP SIGNATURE-----
> Free information on the best Web Hosting. Click Now!
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.