[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6dc88c3c0707101451s367dd57eh98e52684bf090cb7@mail.gmail.com>
Date: Tue, 10 Jul 2007 22:51:02 +0100
From: "Ferruh Mavituna" <ferruh@...ituna.com>
To: bugtraq@...urityfocus.com
Subject: XSS Tunnelling White Paper and Tool
XSS Tunnelling is the tunnelling of HTTP traffic through an opened XSS
Channel. Thus any application with HTTP proxy support can tunnel its
traffic through an XSS Channel (a channel opened by a tool like XSS
Shell).
White paper is explaining XSS Tunnelling, benefits, real worlds
examples and basic usage of XSS Tunnel (a local HTTP proxy for
tunnelling) tool.
XSS Tunelling Paper:
http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf
XSS Shell, XSS Tunnel Binary Releases and Source Code:
http://www.portcullis-security.com/16.php
A Short Demonstration Video:
http://ferruh.mavituna.com/blogs/xsstunnelling-video.zip
Video shows to exploit a permanent XSS in wordpress and bypass Basic
Auth on the fly by XSS Tunnel.
Regards,
--
Ferruh Mavituna
http://ferruh.mavituna.com
Powered by blists - more mailing lists