From: knitti (
Date: Sat, 30 Aug 2003 03:38:43 +0200
Subject: Re: [Full-Disclosure] Selfmade worms in the wild ;)

more fun:

why didn't you try:'text/javascript'%3Ealert('boo!')%3C/script%3E

i think one can pass almost any xss there

(citing :
  "Trend Micro Incorporated is a global leader in antivirus and Internet
  content security software and services....")

do they test their "internet content security software" on their own


From: morning_wood ( To: Redaktion-Kryptocrew (, Date: Sat, 30 Aug 2003 03:14:03 -0700 Subject: Re: [Full-Disclosure] Selfmade worms in the wild ;) well... lets see, we could make it an untrusted link by " VName=WORM_MSBLAST. " and include some remote javascript of our choice, or the latest IE ADODB explot. the obvious choice for that would be the classic.. VName=WORM_MSBLAST. for everones info, the above was tested with the ADODB exploit to execute remote code... sucessfully i might add. ( unpatched IE ) this goes to show that XSS is still very much a security concern, especially coupled together with the lastest browser exploit to become a very dangerous vector of attack, especially by way of a previously "trusted" URL. this is not looking real good for trend. good job Mo 8-) morning_wood
main page ATTRITION feedback