Re: xss....what next???

[Dr David Scholefield <david () port80 com>]

This is surely the difference between a penetration test and a  
vulnerability scan?

A penetration tests is designed to map out the likely extent of  
vulnerabilities found
by going a step deeper (without disrupting service). A vulnerability  
scan lists
'surface' vulnerability discoveries and moves on!

david scholefield
www.port80.com


On 14 Aug 2006, at 15:44, steven () lovebug org wrote:

> Hello,
>
> To use this to the maximum and fully realize your potential here is  
> what
> you do.
>
> 1) Find the e-mail address for the owner of the website/webpage.
> 2) Compose an e-mail to them detailing what you found.
> 3) Press send.
>
> Then you are done and you have fully realized your potential.
>
> Steven
>
> > hello,
> >
> > I managed to find a website prone to xss, this might sound stupid,  
> > but
> > whats next ??? how can i use it to the maximum ??? i managed to pass
> > javascript to a jspz arguments.....but I really can't c how much
> > potential i have now???
> >
> >
> > thx alot
> >
> > --------------------------------------------------------------------- 
> > ---------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the
> > Analyst's
> > Choice Award from eWeek. As attacks through web applications  
> > continue to
> > rise,
> > you need to proactively protect your applications from hackers.  
> > Cenzic has
> > the
> > most comprehensive solutions to meet your application security  
> > penetration
> > testing and vulnerability management needs. You have an option to  
> > go with
> > a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed  
> > service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to  
> > confirm your
> > results from other product. Contact us at request () cenzic com for  
> > details.
> > --------------------------------------------------------------------- 
> > ---------
>
>
>
> ---------------------------------------------------------------------- 
> --------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the  
> Analyst's
> Choice Award from eWeek. As attacks through web applications  
> continue to rise,
> you need to proactively protect your applications from hackers.  
> Cenzic has the
> most comprehensive solutions to meet your application security  
> penetration
> testing and vulnerability management needs. You have an option to  
> go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed  
> service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to  
> confirm your
> results from other product. Contact us at request () cenzic com for  
> details.
> ---------------------------------------------------------------------- 
> --------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------