Bugtraq mailing list archives
RE: A technique to mitigate cookie-stealing XSS attacks
From: Ulf Harnhammar <ulfh () update uu se>
Date: Thu, 14 Nov 2002 07:20:29 +0100 (CET)
On Wed, 13 Nov 2002, Steven M. Christey wrote:
> Being able to place arbitrary HTML into an intermediate web page is dangerous for other reasons (this is sometimes called "HTML injection," but I view it as another flavor of XSS). For example, this would allow attackers to use META-REFRESH style attacks to redirect victims away from the intended web site.

..or to redirect victims to a script on the intended web site that does something (i.e., sending mails or posting Usenet messages under the victim's name). It's not just about stealing cookies.

// Ulf Harnhammar
VSU Security
ulfh () update uu se