Vulnerability Development mailing list archives
Re: cross site exploits
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 16 Dec 2000 00:47:34 +0100
> I'm a bit unclear on the exploit and how it works, meaning I can't decide how to determine if I have been vulnerable or how I can determine if I have been "attacked". I would like to set up monitoring but that is not possible without "real facts" about this exploit. Could it be as "easy" as looking for the <script> tag?
CSS, Cross Site Scripting, isn't really a vulnerability, it is merely one of the most advanced forms of social engineering. As it relies on the users to click on 'malformed' links you supply by email or something, merely using standardized ways to check http-referer (moving them to "please login" if not your site) provides a rather good layer of protection. But the best thing to do is to also assure that you do not print user-supplied HTML tags. Check CGI homepages for a script which converts "<" to "&lt;" and similar tags.
> Anyone know of a way to detect possible exploit by the cross site exploit?
"Better to prevent than to detect" :) I guess you could check your access logs for suspicious strings. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe
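The two measures named in the reply above, checking access logs for suspicious strings and converting "<" to "&lt;" before printing user input, sketched as an added example that is not part of the original post. The log lines are constructed, and the function names and the choice to decode up to three rounds of URL encoding are assumptions made for this illustration.

```python
import html
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (Common Log Format), not from the post.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Dec/2000:00:10:01 +0100] "GET /search.cgi?q=blue+fish HTTP/1.0" 200 512
192.0.2.11 - - [16/Dec/2000:00:11:07 +0100] "GET /search.cgi?q=%3CScRiPt%3Ex%3C%2FScRiPt%3E HTTP/1.0" 200 530
192.0.2.12 - - [16/Dec/2000:00:12:44 +0100] "GET /guestbook.cgi?name=%253Cscript%253E HTTP/1.0" 200 498
192.0.2.13 - - [16/Dec/2000:00:13:02 +0100] "GET /index.html HTTP/1.0" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# "<", an optional "/" or "!", then a letter: tag-like markup after decoding.
TAG_RE = re.compile(r"<\s*[/!]?\s*[A-Za-z]")


def fully_decode(value, max_rounds=3):
    """Undo URL encoding repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (client, decoded query, escaped query) for tag-bearing requests."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        decoded = fully_decode(urlsplit(match.group(1)).query)
        if TAG_RE.search(decoded):
            # html.escape is the "<" to "&lt;" conversion applied before printing.
            hits.append((line.split()[0], decoded, html.escape(decoded)))
    return hits


if __name__ == "__main__":
    for client, decoded, escaped in suspicious_requests(SAMPLE_LOG):
        print(client, decoded, "->", escaped)
```

A literal search for `<script>` would miss both flagged lines here, since one is mixed-case and percent-encoded and the other is encoded twice.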