Thursday, September 21, 2006
Real Live XSS
Via RSnake’s sla.ckers.org message board, XSS disclosures are in abundance! Dell, HP, MySpace, Photobucket, F5, Acunetix, and a slew of others are listed. Dark Reading has some timely coverage (“Hackers Reveal Vulnerable Websites”) with yours truly quoted. SEO Egghead has a funny PoC from a Harvard website (“Go to Princeton Instead!”). Most of the proof-of-concept XSS links appear safe enough to click on, but I don’t recommend it, just in case.