Full Disclosure mailing list archives
Re: Search Engine XSS
From: northern snowfall <dbailey27 () ameritech net>
Date: Wed, 23 Jul 2003 14:08:08 -0500
Yes but what effect does this have on the server? How does it compromise security? Can you use this to DoS the server? Can you use this to gain access to areas on the server otherwise not available?
Sometimes server security isn't the issue. Client trust is just as important as server or network security. If an attacker can create an instance of psychological mistrust you're carrying out a psychological denial of service. Unfortunately, a vast amount of our average users are susceptible to this kind of attack. From a business sense this is still a serious problem. If this scenario were played out in a clever fashion, stock integrity of a given company could be compromised. One could almost classify this as a strange route toward corporate espionage or corporate warfare strategy. Security researchers might be smart enough to see through these kinds of tactics, but can the general public? Don't forget, the public is the end user we are supposedly looking out for. Thus, their interests would not make light of a vulnerability such as XSS, despite how simple it may be to carry out the exploit.
Don
http://www.7f.no-ip.com/~north_
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html