XSS sample using Zone Alarm link

Discussion in 'other security issues & news' started by elio, May 10, 2007.

Thread Status:
Not open for further replies.
  1. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    As "normal ZA user", I am pretty freakout about XSS! :eek: :mad: :'( :ouch: o_O :thumbd:

    I am following the advice per https://www.wilderssecurity.com/showpost.php?p=1002678&postcount=38
    I am following the advice per https://www.wilderssecurity.com/showpost.php?p=1002745&postcount=41
    I am following the advice per https://www.wilderssecurity.com/showpost.php?p=1010441&postcount=49
    NO "automatic completion enabled", "user already logged in" or "persistent authentication cookie (AKA Remember me)"

    I have a request, every once in a while, can you guys please post a "Recap"?

    (My current setup is in my signature.)

    Mike
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,906
    Location:
    localhost
    Re: [Split Topic] XSS sample using ZA link

    Uuuhm, looks like the log-in system has changed and your exploit does not work anymore... ;)

    Or I am missing something?

    Cheers,
    Fax
     
  3. elio

    elio Registered Member

    Joined:
    May 3, 2007
    Posts:
    77
    Re: [Split Topic] XSS sample using ZA link

    They fixed it when this topic has been linked by NoScript's author in a slashdot post, and this PoC had been here for more than one month ;)

    BTW, the same kind of vulnerability is still available on their site (in another, even more visible page) and can be exploited exactly in the same manner.
    But I won't post any link, as promised to forum admins... :rolleyes:
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,906
    Location:
    localhost
    Re: [Split Topic] XSS sample using ZA link

    As usual you should inform them and send the vulnerable link...

    Cheers,
    Fax
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.