Vulnerability Development mailing list archives

Re: cross site exploits


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 16 Dec 2000 00:47:34 +0100

I'm a bit unclear on the exploit and how it works, meaning I can't
decide how to determine if I have been vulnerable or how I can determine
if I have been "attacked".  I would like to set up monitoring but that
is not possible without "real facts" about this exploit.  Could it be as
"easy" as looking for the <script> tag?

CSS, Cross Site Scripting, isn't really a vulnerability, it is merely one
of the most advanced forms of social engineering. As it relies on the users
to click on 'malformed' links you supply by email or something, merely
using standardized ways to check http-referer (moving them to "please
login" if not your site) provides a rather good layer of protection.

But the best thing to do is to also ensure that you do not print
user-supplied HTML tags. Check CGI homepages for scripts which convert "<"
to &lt; and similar tags.

Anyone know of a way to detect possible exploit by the cross site exploit ?

"Better to prevent than to detect" :)
I guess you could check your access logs for suspicious strings.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe
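
Added example, not part of the original post: one way to check access logs for the "suspicious strings" mentioned above, decoding nested URL encoding before matching so that %3Cscript%3E and %253Cscript%253E are caught as well as a literal <script>. The log format (Common Log Format), the tag list, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Markup that should not appear in a request target (heuristic list, an assumption).
SUSPICIOUS = re.compile(
    r'<\s*/?\s*(script|iframe|img|svg|object|embed)\b|javascript\s*:', re.I)

def decode_fully(target, max_rounds=3):
    """Undo nested URL encoding (%253C -> %3C -> <), bounded so it cannot loop."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (host, time, decoded_target) for each request that carries markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        host, when, _method, target, _status = m.groups()
        decoded = decode_fully(target)
        if SUSPICIOUS.search(decoded):
            hits.append((host, when, decoded))
    return hits

# Constructed sample log lines (documentation addresses, harmless test strings).
SAMPLE = [
    '192.0.2.10 - - [16/Dec/2000:00:40:01 +0100] '
    '"GET /search.cgi?q=firewall HTTP/1.0" 200 5120',
    '192.0.2.11 - - [16/Dec/2000:00:41:12 +0100] '
    '"GET /search.cgi?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 5301',
    '192.0.2.12 - - [16/Dec/2000:00:42:30 +0100] '
    '"GET /guestbook.cgi?name=%253Cimg%2520src%253Dx%253E HTTP/1.0" 200 811',
]

if __name__ == "__main__":
    for host, when, target in scan(SAMPLE):
        print(f"{when} {host} {target}")
```

A hit shows that someone requested a URL carrying markup, not that the page echoed it back unescaped; POST bodies are not in the access log at all, so this complements output escaping rather than replacing it.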

