Коментарі для запису: MOSEB-06: Vulnerabilities at clusty.com

від: polonus

Mon, 02 Jul 2007 19:45:32 +0000

Hi Alex,

For most of the vulnerabilities in FF I was protected by the Netcraft anti-phishing toolbar. Good I have this installed.

pozdrawiam,

polonus

від: MustLive

Sun, 10 Jun 2007 20:53:09 +0000

Сlusty already fixed this XSS vuln as I see. Only Full path disclosure vuln was left.

від: Silentz

Sun, 10 Jun 2007 20:43:13 +0000

Alex, how did i know you were going to overlooking MOSEB?

I’ve just tried it on Opera and it doesn’t work.

від: Anon

Thu, 07 Jun 2007 12:45:54 +0000

Oh noes, plz do not be pwning my clusty.com a/c mr hax0r!!!111

від: MustLive

Wed, 06 Jun 2007 22:03:07 +0000

Thanks for information, Alex.

I tested it in Mozilla (1.7.7 which I use) and Firefox, and it worked in them. So it is Firefox <2.0 bug (for old versions of Mozilla and Firefox). And I didn’t test this vuln in Opera (not use it), therefore somebody could test it.

від: Alex

Wed, 06 Jun 2007 21:45:26 +0000

s/tag/tag /

Stupid Wordpress.

від: Alex

Wed, 06 Jun 2007 21:44:29 +0000

Closing tag is not present in Firefox 2, so the bug is Firefox 1.x only.