Open Source and information security mailing list archives
Message-ID: <92db0b590707110557q7f3ebc16l10978c81900b3250@mail.gmail.com>
Date: Wed, 11 Jul 2007 08:57:26 -0400
From: "Security Guy" <security@...goinc.com>
To: "Ferruh Mavituna" <ferruh@...ituna.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: XSS Tunnelling White Paper and Tool

This is very cool. This is a perfect example of an alternate means to
exploit lazy admins :)

Consider a small/medium managed hosting company with public support
forums. The forums aren't high on anyone's list to secure because
they've got better things to do. Mallory discovers some exploits in
the forum (or just un-checked HTML in postings) and posts an XSS
described in the whitepaper into the forums. Bob, the admin, browses
the forums, gets infected and then browses to the admin interface of
one of his customers' boxes. Mallory now has control over the managed
server.

Better yet, embedded in a message to an HTML email client (to one of
those services that doesn't sanitize properly). The possibilities are
endless...

Thanks for the brilliant XSS demo tool.

On 7/10/07, Ferruh Mavituna <ferruh@...ituna.com> wrote:
> XSS Tunnelling is the tunnelling of HTTP traffic through an opened XSS
> Channel. Thus any application with HTTP proxy support can tunnel its
> traffic through an XSS Channel (a channel opened by a tool like XSS
> Shell).
>

--

Lasciate ogne speranza, voi ch'intrate
