Message-ID: <44740eb60607190017u558b9bfh85e20b25453c92ff@mail.gmail.com>
Date: Wed, 19 Jul 2006 08:17:33 +0100
From: "Jessica Hope" <jessicasaulhope@...glemail.com>
To: bugtraq@...urityfocus.com
Subject: Re: XSS phpBB 2.0.21 in administration
I know what XSS is. I'm pointing out the fact that to do any of the
XSS items in the report given, you have to be admin (since they are
all in the admin panel). If you are in the admin panel of any forum,
then there are other things you can do than try to fiddle about with XSS.
Jessica
On 7/19/06, David Thomson <dave@...inityhost.com> wrote:
> Definition from Google, on XSS.
>
> Cross site scripting (XSS) is a type of computer security exploit where
> information from one context, where it is not trusted, can be inserted into
> another context, where it is. From the trusted context, an attack can be
> launched. Note that although cross site scripting is also sometimes
> abbreviated "CSS", it has nothing to do with the Cascading Style Sheets
> technology that is more commonly called CSS.
>
> Example:
>
> An XSS attack is something that an attacker performs, not an admin. You can
> use XSS to retrieve session information, cookies, md5 hashes, password hashes
> all from within a web browser, no need to be an admin.
>
> Hope this helps.
>