Bitcoin Forum
December 11, 2016, 10:24:23 AM *
Author Topic: .  (Read 1396 times)
mrb
.
January 30, 2011, 07:36:24 AM
 #1

.
Nefario
January 30, 2011, 08:59:35 AM
 #2

If anyone goes for this, use clearcoin.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
genjix
January 30, 2011, 10:01:41 AM
 #3

You could get a lot more for this 0-day vulnerability. You should find a trusted forum member, pay them 30 BTC to verify it's real, and then put it up in an auction.
dingus
February 07, 2011, 04:46:39 AM
 #4


> You will get exclusivity.
> It is not known by anyone else.
> It is the result of 30+ hours of research.
> It has never been "used" other than in my tests.
> It was discovered months ago and is still working.


http://blog.cartercole.com/2010/06/social-engineering-crazy-encoding.html

Is this what you speak of?

ding·us/ˈdiNGgəs/
Noun: Used to refer to something whose name the speaker cannot remember, is unsure of, or is humorously or euphemistically omitting
moncojhr
February 09, 2011, 06:14:03 AM
 #5

Quote
> XSS vulnerability on facebook.com 10000 BTC
> Warning: topic may be controversial. I am a security researcher. I found a cross-site scripting vulnerability on facebook.com which I decided to sell for 10k BTC.
>
> You will get exclusivity.
> It is not known by anyone else.
> It is the result of 30+ hours of research.
> It has never been "used" other than in my tests.
> It was discovered months ago and is still working.
>
> Technical details
> Entice a user authenticated to Facebook to browse a specially crafted link "http://...facebook.com/...". My non-persistent XSS will allow you to execute arbitrary javascript code under her identity, read/modify her profile, etc.
>
> My goals
> Raise awareness that even high-profile sites are rarely secure. And perhaps push Facebook a little bit toward accepting the idea that buying vulnerabilities from security researchers would be good for them and the Internet community. Just like Google buys vulnerabilities from researchers, which has tremendously helped secure their online apps in the last few months.

Excellent, Google cache got it :-)

From his description it doesn't sound like what is explained in that blog post... He said it's a "non-persistent XSS"; enticing a user to run JavaScript in their browser is not XSS.
talkinrock
February 09, 2011, 09:10:23 PM
 #6

EDITED by talkinrock
dingus
February 09, 2011, 09:15:18 PM
 #7

Ummm.... Why did mrb all of a sudden delete the thread title and the original post?!!

Does anyone find that a bit suspicious and/or odd?

Doesn't matter as he was quoted saying the original text anyway.

ding·us/ˈdiNGgəs/
Noun: Used to refer to something whose name the speaker cannot remember, is unsure of, or is humorously or euphemistically omitting
lumos
February 09, 2011, 09:50:28 PM
 #8

Security maybe? Maybe you should remove your quote as a show of good faith.
ribuck
February 09, 2011, 09:58:00 PM
 #9

Maybe he sold the vulnerability to someone else, and wants to cover his tracks.
Veltas
February 10, 2011, 01:12:08 AM
 #10

> Maybe he sold the vulnerability to someone else, and wants to cover his tracks.
Good luck with that...

This must be interesting to people who use Facebook or any 'social' website.  I don't use Facebook or the such.

Veltas Vandegere the awesome.

Send dead rats here:
18WLsGHD9a3w8HHnjjYLUxTPNjFaqju84d