Vulnerability Development mailing list archives
Re: cross site exploits
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Sun, 17 Dec 2000 18:17:10 +0800
At 12:47 AM 12/16/00 +0100, Bluefish (P.Magnusson) wrote:
CSS, Cross Site Scripting, isn't really a vulnerability, it is merely one of the most avanced form of social engineering. As it relies on the users to click on 'malformed' links you supply by email or something, merely
Users don't usually have to click. For example attackers can use img src or frame src. Or good old javascript if enabled. HTTP-Referer can help, but less so if the attacks can be placed on your site. I've been looking for other ways to prevent these attacks any decent suggestions welcome. Cheerio, Link.
Current thread:
- cross site exploits vijay verma (Dec 13)
- Re: cross site exploits J Edgar Hoover (Dec 15)
- Re: cross site exploits Bluefish (P.Magnusson) (Dec 17)
- Message not available
- Re: cross site exploits Lincoln Yeoh (Dec 18)
- Re: cross site exploits Michal Zalewski (Dec 18)
- Re: cross site exploits Lincoln Yeoh (Dec 18)