Anton Karpov <[EMAIL PROTECTED]> wrote:
> 2007/10/10, Stuart Henderson <[EMAIL PROTECTED]>:
>>
>> On 2007/10/10 20:43, [EMAIL PROTECTED] wrote:
>> > Nice to hide your local network IP ;)
>> > Do not show it anyone!
>> >
>> > On 10/10/07, Anton Karpov <[EMAIL PROTECTED]> wrote:
>> > > It's a kind of useless and funny XSS... in OpenBSD ;)
>>
>> Well, it's fixed in -current.
>> There are better ways to report a bug than misc@, though.
>
>
> I posted it here because I don't seriously think it's a [useful] bug

All bugs are useful :) In this case, if you have some web application on the same *domain name* then the XSS can be used to take control of the user session on the application. Especially fun for isp/hosting kind of settings where you have customer management and troubleshooting (looking glass etc.) services side by side. Can

