Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

To: "sven.vetsch@xxxxxxxxxxxxx" <sven.vetsch@xxxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
Date: Wed, 3 Jan 2007 10:27:26 +0000
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, "Web Security" <websecurity@xxxxxxxxxxxxx>
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lcavFEYgjx6lrvHxF9MzyokFVqDMUvCjl9pvca33/n+YXaRubm0mEsSlapI6dZj2EbRCEeSbgdVlf7XZqUkUpIPCXZDstUHJr2299jkTVtD6xRC6W3kuUeZxwAnJSI9GoXmS+RsjQ/5H/ciGgO7YNJnE0YFoiUDo8GSVsMOv+4o=
In-reply-to: <1167813420.459b6b2c0a8d7@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <6905b1570701021820v7b22961do7226be1bcf04fa57@xxxxxxxxxxxxxx> <1167813420.459b6b2c0a8d7@xxxxxxxxxxxxxxx>

no worries, the vulnerability details presented on my blog post were
updated. good work.

On 1/3/07, sven.vetsch@xxxxxxxxxxxxx <sven.vetsch@xxxxxxxxxxxxx> wrote:

Quoting "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>:

> This finding was originally mentioned by Sven Vetsch, on his blog.
> This is a very good and quite interesting. Good work.

Sorry about that but that's wrong. All the credits have to go to Stefano Di
Paola and Giorgio Fedon. They presented that stuff at the 23C3 in Berlin. The
only thing that I did was an overview and I found out, that it doesn't matter
how the parameter is called. I "just" forgot to copy paste the credits from my
original document, to the blog entry. I'm very sorry about that and of course I
putted it in my entry now.

Regards,
Disenchant / Sven Vetsch



--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

References:
- Universal XSS with PDF files: highly dangerous
  - From: pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: sven . vetsch

Prev by Date: Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution
Next by Date: [USN-399-1] w3m vulnerabilities
Previous by thread: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by thread: Re: Universal XSS with PDF files: highly dangerous
Index(es):
- Date
- Thread