| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Dec 3 22:06:46 2005 From: bugtraq at cgisecurity.net (bugtraq@...security.net) Subject: Google is vulnerable from XSS attack > So how about a real world attack scenario for this. This is one of > the lamest vulns I have ever seen. Until about a year ago, I'd have to agree with you. A lot of uses for XSS have been researched in the last year including a few new ways to use it make it 'useful'. Not only can you do standard cookie hijacking with XSS, but combined with browser flaws XSS 'could' (in certain situations) be used to help portscan and possible exploit(carry exploit payloads) a backend network behind a firewall (to the user visiting the XSS'd link), as well as gather Basic Auth credentials(or other headers) via XST attacks. Jeremiah Grossman presented at blackhat and showed that it's possible to capture keystrokes from a user that has visited a 'XSS'd' link as well as have bidirectional communication with them. Functionality such as xmlhttp can greatly expand the usefulness of Cross Site Scripting. The Cross Site Scripting FAQ http://www.cgisecurity.com/articles/xss-faq.shtml Cross-Site Tracing (XST) (Official Mirror) http://www.cgisecurity.com/lib/WH-WhitePaper_XST_ebook.pdf AJAX (Asynchronous Javascript and XML) Links http://www.cgisecurity.com/ajax/ Jeremiah's blackhat talk http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-grossman.pdf XSS is 'starting' to get fairly useful. Regards, - admin@...security.com http://www.cgisecurity.com/ (Web Security News, and More!) http://www.cgisecurity.com/index.rss (Web Security News RSS Feed)
Powered by blists - more mailing lists