MS XSS - Linux

This is a discussion on MS XSS - Linux ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Man... MS are so open ... http://s5h.net/u?46 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHNdvZ4dyr7s6PRYgRAoi2AKCQkw3SM+Oec6ME4b9s3H EGjchcQwCeJvW1 Q4XBW6bsdeI1roHg+8FEtvA= =jy+v -----END PGP SIGNATURE-----...

+ Reply to Thread
Results 1 to 12 of 12

Thread: MS XSS

  1. MS XSS

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Man... MS are so open ...


    http://s5h.net/u?46

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFHNdvZ4dyr7s6PRYgRAoi2AKCQkw3SM+Oec6ME4b9s3H EGjchcQwCeJvW1
    Q4XBW6bsdeI1roHg+8FEtvA=
    =jy+v
    -----END PGP SIGNATURE-----

  2. Re: MS XSS

    After takin' a swig o' grog, ed belched out this bit o' wisdom:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Man... MS are so open ...
    >
    > http://s5h.net/u?46


    What's up with the moving all over the desktop?

    http://www.internetisseriousbusiness.com/

    Hardwiring the script to 1600x1200? How neophyte!

    And thank God for the kill command.

    --
    Tux rox!

  3. Re: MS XSS

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Sat, 10 Nov 2007 18:57:52 GMT
    Linonut wrote:


    > > Man... MS are so open ...
    > >
    > > http://s5h.net/u?46

    >
    > What's up with the moving all over the desktop?
    >
    > http://www.internetisseriousbusiness.com/
    >
    > Hardwiring the script to 1600x1200? How neophyte!
    >
    > And thank God for the kill command.


    Do you like the way that its using a MS XSS vuln? I wonder how many
    people have used that to make a fake passport login page :-)
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFHNhea4dyr7s6PRYgRAi7CAJ9zlyvERVlF+j2nCMOuL0 595fhpDQCbB9dy
    Iid4qjvREVs+eOeDBXkQAVA=
    =a3aB
    -----END PGP SIGNATURE-----

  4. Re: MS XSS

    ____/ ed on Saturday 10 November 2007 20:43 : \____

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > On Sat, 10 Nov 2007 18:57:52 GMT
    > Linonut wrote:
    >
    >> > Man... MS are so open ...
    >> >
    >> > http://s5h.net/u?46

    >>
    >> What's up with the moving all over the desktop?
    >>
    >> http://www.internetisseriousbusiness.com/
    >>
    >> Hardwiring the script to 1600x1200? How neophyte!
    >>
    >> And thank God for the kill command.

    >
    > Do you like the way that its using a MS XSS vuln? I wonder how many
    > people have used that to make a fake passport login page :-)
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.6 (GNU/Linux)
    >
    > iD8DBQFHNhea4dyr7s6PRYgRAi7CAJ9zlyvERVlF+j2nCMOuL0 595fhpDQCbB9dy
    > Iid4qjvREVs+eOeDBXkQAVA=
    > =a3aB
    > -----END PGP SIGNATURE-----


    It was spotted by one of the Diggers in the security section of Digg about a
    year ago and I posted this to COLA.

    Worry not however. Microsoft will hire someone to cover up with an excuse.

    Yes, Microsoft is hiring.

    http://msdn.microsoft.com/library/de.../usenet-shill/

    --
    ~~ Best of wishes

    This sedentary lifestyle on the Net leads to fatigue. And then you wake up.
    http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
    Tasks: 111 total, 1 running, 110 sleeping, 0 stopped, 0 zombie
    http://iuron.com - knowledge engine, not a search engine

  5. Re: MS XSS

    On Sat, 10 Nov 2007 23:42:26 +0000, Roy Schestowitz wrote:

    > ____/ ed on Saturday 10 November 2007 20:43 : \____
    >
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> Hash: SHA1
    >>
    >> On Sat, 10 Nov 2007 18:57:52 GMT
    >> Linonut wrote:
    >>
    >>> > Man... MS are so open ...
    >>> >
    >>> > http://s5h.net/u?46
    >>>
    >>> What's up with the moving all over the desktop?
    >>>
    >>> http://www.internetisseriousbusiness.com/
    >>>
    >>> Hardwiring the script to 1600x1200? How neophyte!
    >>>
    >>> And thank God for the kill command.

    >>
    >> Do you like the way that its using a MS XSS vuln? I wonder how many
    >> people have used that to make a fake passport login page :-)
    >> -----BEGIN PGP SIGNATURE-----
    >> Version: GnuPG v1.4.6 (GNU/Linux)
    >>
    >> iD8DBQFHNhea4dyr7s6PRYgRAi7CAJ9zlyvERVlF+j2nCMOuL0 595fhpDQCbB9dy
    >> Iid4qjvREVs+eOeDBXkQAVA=
    >> =a3aB
    >> -----END PGP SIGNATURE-----

    >
    > It was spotted by one of the Diggers in the security section of Digg about a
    > year ago and I posted this to COLA.
    >
    > Worry not however. Microsoft will hire someone to cover up with an excuse.
    >
    > Yes, Microsoft is hiring.
    >
    > http://msdn.microsoft.com/library/de.../usenet-shill/


    Actually, that appears to be a flaw in firefox, not ie (at least not IE7).

    When i go there in Firefox, i get the redirected url. When I go in IE7, i
    get "page cannot be found"

  6. Re: MS XSS

    Erik Funkenbusch wrote:

    > Actually, that appears to be a flaw in firefox, not ie (at least not IE7).


    > When i go there in Firefox, i get the redirected url. When I go in IE7, i get "page cannot be found"


    Which bits in msdn.microsoft.com detect Firefox and serve up different
    code ? You know like the bits in Hotmail that strip off the file type
    extension if you are not using IExplore ..

  7. Re: MS XSS

    On 11 Nov, 17:57, Erik Funkenbusch
    wrote:

    > On Sun, 11 Nov 2007 17:47:30 +0000, Doug Mentohl wrote:
    >> Erik Funkenbusch wrote:


    >> Which bits in msdn.microsoft.com detect Firefox and serve up different code ? You know like the bits in Hotmail that strip off the file type extension if you are not using IExplore ..


    > It's the same code in FF as IE7. I've compared the served code ..


    Can we see, not that I don't doubt your word ..

    http://www.extremetech.com/article2/...,890280,00.asp



  8. Re: MS XSS

    On Sun, 11 Nov 2007 11:43:12 -0800, Doug Mentohl wrote:

    > On 11 Nov, 17:57, Erik Funkenbusch
    > wrote:
    >
    >> On Sun, 11 Nov 2007 17:47:30 +0000, Doug Mentohl wrote:
    >>> Erik Funkenbusch wrote:

    >
    >>> Which bits in msdn.microsoft.com detect Firefox and serve up different code ? You know like the bits in Hotmail that strip off the file type extension if you are not using IExplore ..

    >
    >> It's the same code in FF as IE7. I've compared the served code ..

    >
    > Can we see, not that I don't doubt your word ..
    >
    > http://www.extremetech.com/article2/...,890280,00.asp


    Go ahead, i'm not stopping you.

  9. Re: MS XSS

    Doug Mentohl wrote:
    > Erik Funkenbusch wrote:
    >> Doug Mentohl wrote:
    >>> Erik Funkenbusch wrote:

    >
    >>> Which bits in msdn.microsoft.com detect Firefox and serve
    >>> up different code ? You know like the bits in Hotmail that
    >>> strip off the file type extension if you are not using
    >>> IExplore ..

    >
    >> It's the same code in FF as IE7. I've compared the served
    >> code ..

    >
    > Can we see, not that I don't doubt your word ..
    >
    > http://www.extremetech.com/article2/...,890280,00.asp


    Same has happened in IE 6 about a week ago. I ended up doing a
    , bring up Task Manager and killing IE 6. This had
    to do with a deviant advertiser on http://www.m-w.com/ AKA
    Mirriam Webster dictionary site. Since then, it has been
    removed. (However, it breeched my trust with M-W.)

    It was one of those "Click this to download" security checker.
    Yeah, right. Clicking on upper right hand "X" kept the nuisant
    dialogue box returning. I wasn't about to click the decline button.

    Then I did the next best thing. I replaced the favourite with
    the UK Cambridge dictionary site, http://dictionary.cambridge.org/

    That site has no nasties. Problem solved.

    --
    HPT

  10. Re: MS XSS

    ____/ Doug Mentohl on Sunday 11 November 2007 17:47 : \____

    > Erik Funkenbusch wrote:
    >
    >> Actually, that appears to be a flaw in firefox, not ie (at least not IE7).

    >
    >> When i go there in Firefox, i get the redirected url. When I go in IE7, i
    >> get "page cannot be found"

    >
    > Which bits in msdn.microsoft.com detect Firefox and serve up different
    > code ? You know like the bits in Hotmail that strip off the file type
    > extension if you are not using IExplore ..


    That was hilarious. I said in my previous post:


    > Worry not however. Microsoft will hire someone to cover up with an excuse.

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    That's Erik, blaming Mozilla.

    > Yes, Microsoft is hiring.
    >
    > http://msdn.micro....url=///Amusement/usenet-shill/

    ^^^^^^^^^^^^^^^^^^^^^^

    Ah! It figures...

    --
    ~~ Best of wishes

    Roy S. Schestowitz | Run a Linux server, sit on your hands all day
    http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
    Load average (/proc/loadavg): 0.97 1.35 1.64 2/168 20932
    http://iuron.com - semantic search engine project initiative

  11. Re: MS XSS

    After takin' a swig o' grog, ed belched out this bit o' wisdom:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > On Sat, 10 Nov 2007 18:57:52 GMT
    > Linonut wrote:
    >
    >> > Man... MS are so open ...
    >> >
    >> > http://s5h.net/u?46

    >>
    >> What's up with the moving all over the desktop?
    >>
    >> http://www.internetisseriousbusiness.com/
    >>
    >> Hardwiring the script to 1600x1200? How neophyte!
    >>
    >> And thank God for the kill command.

    >
    > Do you like the way that its using a MS XSS vuln? I wonder how many
    > people have used that to make a fake passport login page :-)


    I didn't get a login page. I got some lame-ass music video. Reminded
    me of the Back Door Boys.

    --
    Tux rox!

  12. Re: MS XSS

    After takin' a swig o' grog, Erik Funkenbusch belched out this bit o' wisdom:

    > On Sun, 11 Nov 2007 17:47:30 +0000, Doug Mentohl wrote:
    >
    >> Erik Funkenbusch wrote:
    >>
    >>> Actually, that appears to be a flaw in firefox, not ie (at least not IE7).

    >>
    >>> When i go there in Firefox, i get the redirected url. When I go in IE7, i get "page cannot be found"

    >>
    >> Which bits in msdn.microsoft.com detect Firefox and serve up different
    >> code ? You know like the bits in Hotmail that strip off the file type
    >> extension if you are not using IExplore ..

    >
    > It's the same code in FF as IE7. I've compared the served code. But I
    > wouldn't expect you to figure out that you can do that Duh!g. That would
    > take too much brain power. Instead, you like to make baseless accusations.


    What's up with the Javascript on msdn2?

    I have to disable Javascript in Firefox to get the pages to load. I
    think I also have to do it in IE6 on Windows, too. Irritating.

    It's a real annoyance, especially when I go to do my time sheet, and
    find I have Javascript disabled.

    --
    Tux rox!

+ Reply to Thread