Author of the XSS Book
It is probably about time to announce that I am one of the authors of the upcoming XSS Book, RSnake talked about a month ago on his blog. The complete list of authors is: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko Petkov (a.k.a me).
The book is going quite well and I hope that it will provide a good starting point for those who are interested in getting into client-side web security but don't know much about it. The book is also designed to cover some advance topics for those who want to expand their current knowledge. I guess everybody will be happy. You can preorder it from Amazon. This is the only book on Cross-site Scripting attacks and related topics, for now, so I hope it will be a success.
You need to contact Amazon :-), and tell them to put Petko Petkov to the list of the authors, because there is no your name in the list. And it is not good. Amazon need to add Pdp to the list! Every author need a portion of attention.Thanks for the advise. The reason I am not there is because I was invited to join the team at much later stage. The front cover and the author bio will change as soon as we get the book on Amazon.
You also need to attend to security of your own site. As I planning to tell you for a long time already, there are many XSS holes at your site! So wait for my detailed letter.It could be the PDF thing which I already know about or it could be something on Wordpress that I don't know about. There is one thing that can be used for XSS, Backframe's inline profiles, however you get warned that a profile is about to be loaded, so it is not a big deal. If it is the PDF issue, I don't care that much. Yes, someone can get exploited on GNUCITIZEN, but that is not beneficial to anyone. If it is Wordpress, then I don't know. I would write my own blog software if I had the time.
And about holes. I am talking about XSS vulnerabilities at your site - in WordPress (particularly).Really? Wow, I will be interested to see that, not that I am surprised.
Not UXSS, but you can fix it also (and you better do).Show me a fix and I will show you how you can still abuse this hole. I've played with all kinds of server side fixes for this vulnerabilities and all of them can be circumvented. So, the solution is easy, update your plugin. It is client-side issue, not server-side.