Comments on: Yahoo! epic fail – permanent xss unleashed http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/ Sat, 17 Sep 2011 10:00:04 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: MD6 http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-1556 MD6 Fri, 13 Mar 2009 22:14:55 +0000 http://hackersblog.org/?p=1213#comment-1556 Se pare ca nu mai merge linku http://timetags.research.yahoo.com Se pare ca nu mai merge linku http://timetags.research.yahoo.com

]]> By: Claudel http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-1322 Claudel Sun, 01 Mar 2009 13:29:32 +0000 http://hackersblog.org/?p=1213#comment-1322 is neamuri de rRomi:))) is neamuri de rRomi:)))

]]> By: Mrjuki http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-1321 Mrjuki Sun, 01 Mar 2009 02:44:34 +0000 http://hackersblog.org/?p=1213#comment-1321 http://www.kaskus.us/showthread.php?t=1428092 someone steal your post use google translate if you don't understand http://www.kaskus.us/showthread.php?t=1428092

someone steal your post

use google translate if you don’t understand

]]> By: black_death http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-944 black_death Thu, 12 Feb 2009 12:56:32 +0000 http://hackersblog.org/?p=1213#comment-944 my ass :( , kenpachi l-o facut , ii dau la ciocatu lu pax. my ass :( , kenpachi l-o facut , ii dau la ciocatu lu pax.

]]> By: CODEX http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-942 CODEX Thu, 12 Feb 2009 12:26:49 +0000 http://hackersblog.org/?p=1213#comment-942 bine pax :))) bine pax :) ))

]]> By: Nab http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-895 Nab Wed, 11 Feb 2009 22:25:35 +0000 http://hackersblog.org/?p=1213#comment-895 aiurea că l-ai făcut public. mai bine îl vindeai aiurea că l-ai făcut public. mai bine îl vindeai

]]> By: Broken http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-801 Broken Tue, 10 Feb 2009 19:53:56 +0000 http://hackersblog.org/?p=1213#comment-801 super tare frate :|, si yahoo si gugal au avut articole cu titlu epic fail =)) super tare frate :| , si yahoo si gugal au avut articole cu titlu epic fail =))

]]> By: Andrei Rine http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-800 Andrei Rine Tue, 10 Feb 2009 19:53:27 +0000 http://hackersblog.org/?p=1213#comment-800 Bineinteles ca validarea inputului si encodarea corecta a outputului sunt lucruri sfinte in functionarea unei aplicatii software. HttpOnly este nesuportat corect de cam nici un browser momentan si are statut de leucoplast. Totusi consideram oportun sa il mentionez. :D Bineinteles ca validarea inputului si encodarea corecta a outputului sunt lucruri sfinte in functionarea unei aplicatii software. HttpOnly este nesuportat corect de cam nici un browser momentan si are statut de leucoplast. Totusi consideram oportun sa il mentionez. :D

]]> By: Shocker http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-798 Shocker Tue, 10 Feb 2009 19:50:57 +0000 http://hackersblog.org/?p=1213#comment-798 @Andrei: In primul rand, la Yahoo nu sunt HttpOnly. In al doilea rand, cum HttpOnly nu e un standard, nu toate browserele tin cont de acel atribut (Opera spre exemplu), in consecinta nu e indicat sa te bazezi pe HttpOnly. Mai bine iti securizezi site-ul. @Andrei: In primul rand, la Yahoo nu sunt HttpOnly. In al doilea rand, cum HttpOnly nu e un standard, nu toate browserele tin cont de acel atribut (Opera spre exemplu), in consecinta nu e indicat sa te bazezi pe HttpOnly. Mai bine iti securizezi site-ul.

]]> By: Andrei Rine http://blog.rstcenter.com/2009/02/10/yahoo-epic-fail-permanent-xss/comment-page-1/#comment-789 Andrei Rine Tue, 10 Feb 2009 19:18:50 +0000 http://hackersblog.org/?p=1213#comment-789 Si nu, XMLHttpRequest nu va merge ca o alternativa decat la platformele de cacat. Dupa cum scriam aici -> http://ha.ckers.org/blog/20070719/firefox-implements-httponly-and-is-vulnerable-to-xmlhttprequest/#comment-85043 numai platformele foarte maro ce emit cookie-ul de sesiune la fiecare raspuns HTTP sunt vulnerabile. Si nu, XMLHttpRequest nu va merge ca o alternativa decat la platformele de cacat. Dupa cum scriam aici -> http://ha.ckers.org/blog/20070719/firefox-implements-httponly-and-is-vulnerable-to-xmlhttprequest/#comment-85043 numai platformele foarte maro ce emit cookie-ul de sesiune la fiecare raspuns HTTP sunt vulnerabile.

]]>