| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6dc88c3c0707101507o12816ecdofbf16fa9fbee87f0@mail.gmail.com> Date: Tue, 10 Jul 2007 23:07:59 +0100 From: "Ferruh Mavituna" <ferruh@...ituna.com> To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk> Subject: XSS Tunnelling White Paper and Tool XSS Tunnelling is the tunnelling of HTTP traffic through an opened XSS Channel. Thus any application with HTTP proxy support can tunnel its traffic through an XSS Channel (a channel opened by a tool like XSS Shell). White paper is explaining XSS Tunnelling, benefits, real worlds examples and basic usage of XSS Tunnel (a local HTTP proxy for tunnelling) tool. XSS Tunelling Paper: http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf XSS Shell, XSS Tunnel Binary Releases and Source Code: http://www.portcullis-security.com/16.php A Short Demonstration Video: http://ferruh.mavituna.com/blogs/xsstunnelling-video.zip Video shows to exploit a permanent XSS in wordpress and bypass Basic Auth on the fly by XSS Tunnel. Regards, -- Ferruh Mavituna http://ferruh.mavituna.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists