[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 12 Dec 2007 13:29:21 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Byron Sonne <blsonne@...ers.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: on xss and its technical merit
Byron Sonne wrote:
> In terms of a technically interesting challenge, it sounds about as
> exciting as picking fights with 10 year olds. Shit man, most of this
> stuff is more about fooling people than anything. Yawn. I was bored
> tricking or weaseling passwords out of datacentre employees over the
> phone 20 years ago. Now I'm supposed to get excited 'cos some retards
> are doing it over the web?
I agree to an extent however I do know some pretty skillful people on
all sorts of levels use xss in conjuction with leveraging a network.
> A safe assumption. In fact, if it's on the web, it's a safe assumption
> it's crap anyways. Or is that Crap2.0?
What's that old adage on "assume". "Forward facing" sites can be
leveraged to disclosure other information. E.g., Write an XSS to run
commands on the system itself for say a week. Eventually you will see
signs of someone logging into said system. Construct an XSS attack to
embed the necessary tools to leverage your way into the backbone. Not
unlikely a difficult thing to do considering you managed to XSS attack
the site in the first place.
What you/we see too often on this and other mailing list is stupidity
a-la "I just XSS and popup up w00t now give me credit!" That is not what
I consider a hack I consider it stupidity. What would have impressed me
would be someone using a curl POST with a proxy, dumping binaries and
having those binaries run with the user privileges of the webserver. One
misconfigured webserver (chown -Rf root:wheel) and its a wrap.
--
====================================================
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)
"I hear much of people's calling out to punish the
guilty, but very few are concerned to clear the
innocent." Daniel Defoe
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5533 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists