I believe this discussion is about people who have real skills ( which is why you are confused ).. not "o so I couldn't finish my CS degree or function outside of computers so now I am doing XSS for a living" .... If XSS is the extent of your knowledge then I guess it will get food on your table but I think you should switch to this:
<a href="http://www.securityfocus.com/archive/105">http://www.securityfocus.com/archive/105</a> mailing list.<br><br>and btw:<br>needing someone to visit a webpage so you can xsrf isnt exactly military grade 0day nor is it stealthy ( not that you would know anything about stealthy exploits) but i guess people jumped on it so much so that their cissp capable minds wouldn't be confused by sql injection [1].
<br><br>I also do not know why you assume someone that doesnt consider lame XSS as an 'exploit' could not work professionally. Maybe you just have no skill and thats all your job requires of you?<br><br>[1] <a href="http://seclists.org/dailydave/2007/q4/0016.html">
http://seclists.org/dailydave/2007/q4/0016.html</a><br><br><br><div><span class="gmail_quote">On 10/14/07, <b class="gmail_sendername">pdp (architect)</b> <<a href="mailto:pdp.gnucitizen@googlemail.com">pdp.gnucitizen@googlemail.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I really don't know what you refer to as an exploit.. :) and more
<br>over, it is obvious that you have a lack of knowledge on what's more<br>valuable nowadays. don't take it personal.<br><br>do you work professionally?<br><br></blockquote></div><br>