Open Source and information security mailing list archives
 
Date: Wed, 12 Dec 2007 13:29:21 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Byron Sonne <blsonne@...ers.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: on xss and its technical merit

Byron Sonne wrote:

> In terms of a technically interesting challenge, it sounds about as
> exciting as picking fights with 10 year olds. Shit man, most of this
> stuff is more about fooling people than anything. Yawn. I was bored
> tricking or weaseling passwords out of datacentre employees over the
> phone 20 years ago. Now I'm supposed to get excited 'cos some retards
> are doing it over the web?

I agree to an extent; however, I do know some pretty skillful people on
all sorts of levels use XSS in conjunction with leveraging a network.

> A safe assumption. In fact, if it's on the web, it's a safe assumption
> it's crap anyways. Or is that Crap2.0?

What's that old adage on "assume"? "Forward facing" sites can be
leveraged to disclose other information. E.g., Write an XSS to run
commands on the system itself for say a week. Eventually you will see
signs of someone logging into said system. Construct an XSS attack to
embed the necessary tools to leverage your way into the backbone. Not
unlikely a difficult thing to do considering you managed to XSS attack
the site in the first place.

What you/we see too often on this and other mailing lists is stupidity
a-la "I just XSS and popup up w00t now give me credit!" That is not what
I consider a hack; I consider it stupidity. What would have impressed me
would be someone using a curl POST with a proxy, dumping binaries and
having those binaries run with the user privileges of the webserver. One
misconfigured webserver (chown -Rf root:wheel) and it's a wrap.


-- 
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

"I hear much of people's calling out to punish the
guilty, but very few are concerned to clear the
innocent." Daniel Defoe

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
