Vulnerability Development mailing list archives
Re: cross site exploits
From: J Edgar Hoover <zorch () TOTALLY RIGHTEOUS NET>
Date: Wed, 13 Dec 2000 07:47:10 -0800
On Tue, 12 Dec 2000, vijay verma wrote:
Hello all, Anyone know of a way to detect possible exploit by the cross site exploit ? I'm a bit unclear on the exploit and how it works, meaning I can't decide how to determine if I have been vulnerable or how I can determine if I have been "attacked". I would like to set up monitoring but that is not possible without "real facts" about this exploit. Could it be as "easy" as looking for the <script> tag?
Are you asking how to check to see if your browser has been exploited, or to see if a web server has been used in a cross site exploit? Simply put, "cross site" means that you included some html on an innocent public server that points to malicious html on another server. To prevent your server from being used in this manner, make sure any html tags are stripped from user posts.
Current thread:
- cross site exploits vijay verma (Dec 13)
- Re: cross site exploits J Edgar Hoover (Dec 15)
- Re: cross site exploits Bluefish (P.Magnusson) (Dec 17)
- Message not available
- Re: cross site exploits Lincoln Yeoh (Dec 18)
- Re: cross site exploits Michal Zalewski (Dec 18)
- Re: cross site exploits Lincoln Yeoh (Dec 18)