Penetration Testing mailing list archives
RE: XSS LAB DEMO IDEAS
From: "Jeremy Junginger" <jj () act com>
Date: Wed, 8 Jan 2003 10:09:01 -0700
Thanks for the ideas, guys. I'm running into a bit of technical trouble, though. Perhaps you could shed some light? I now have a "victim" web server set up that I can test XSS on, and I have also set up an "attacker" web server that basically sits there and eats cookies via CGI, storing them to a local directory. The next question may seem very rudimentary, but can you just write those to your user's "cookie" folder and "hijack" their session to the web site? I know I'm missing something ::scratching my head:: -Jeremy ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- XSS LAB DEMO IDEAS Jeremy Junginger (Jan 06)
- Re: XSS LAB DEMO IDEAS Loki (Jan 06)
- Re: XSS LAB DEMO IDEAS Kevin Spett (Jan 06)
- <Possible follow-ups>
- Re: XSS LAB DEMO IDEAS Mark Curphey (Jan 06)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 07)
- Re: XSS LAB DEMO IDEAS FermÃn J . Serna (Jan 08)
- RE: XSS LAB DEMO IDEAS Jeremy Junginger (Jan 08)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 10)