Vulnerability Development mailing list archives
Re: CSS implication
From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: Sat, 16 Mar 2002 10:14:31 -0800
The implications are very simple. With XSS, one can control a target users browser to make it do whatever they want it to do.
From here, if one can exploit a browser vulnerability, they can control the
target users machine to do whatever it is they want it to do. The rest is how you want to use this kind of access. Cookie theft and location forwarding are just some possible repercussions. zero wrote:
Hi all, I'm working on a CSS paper, and I was wondering, what are the real implications of a CSS attack. When some site is vuln to a CSS problem, you're able to execute code on the web. I've thought about the implications of this. First of all: - You can steal cookies from users - You can send bogus links faking the original site: i.e http://site/vuln.php?query=<script>...(faking vuln.php)...</script> - You can download & launch activeX (possible to download and execute trojans?) Any more dangerous implications? mailto:zeroboy () arrakis es http://www.podergeek.com http://www.citfi.org
Current thread:
- CSS implication zero (Mar 16)
- Re: CSS implication Jeremiah Grossman (Mar 16)
- <Possible follow-ups>
- Re: CSS implication Frog Man (Mar 17)
- Re: CSS implication Bill Weiss (Mar 17)
- Re: CSS implication zero (Mar 17)
- Re: CSS implication Jeremiah Grossman (Mar 18)
- Re: CSS implication zero (Mar 18)
- Re: CSS implication Jeremiah Grossman (Mar 19)
- Re: CSS implication Sverre H. Huseby (Mar 23)
- Re: CSS implication Jeremiah Grossman (Mar 18)
- Re: CSS implication Arta (Mar 18)