Re: CSS implication

["Frog Man" <leseulfrog () hotmail com>]

I'm not sure but I think that SSI can be used with CSS.
Then we can include file :<!--#include virtual="thefile"-->, execute 
commands <!--#exec cmd="/user/bin/perl/date"--> and execute CGI script 
<!--#exec cgi="cgi/cgi.cgi"-->.
If that's false, please say it to me.
Sorry for my bad englsih :)
frog-m@n


> From: zero <zeroboy () arrakis es>
> To: vuln-dev () securityfocus com
> Subject: CSS implication
> Date: Sat, 16 Mar 2002 14:38:44 +0100
>
> Hi all,
>         I'm working on a CSS paper, and I was wondering, what are the real
> implications of a CSS attack. When some site is vuln to a CSS problem,
> you're able to execute code on the web. I've thought about the implications
> of this. First of all:
>         - You can steal cookies from users
>         - You can send bogus links faking the original site: i.e
> http://site/vuln.php?query=<script>...(faking vuln.php)...</script>
>         - You can download & launch activeX (possible to download and
> execute trojans?)
>
> Any more dangerous implications?
>
>
> mailto:zeroboy () arrakis es
> http://www.podergeek.com
> http://www.citfi.org
> **************************************************
> "The further backward you look, the further forward you can see" Winston
> Churchill
>  "Para ganar, hay gente que debe perder"




_________________________________________________________________
MSN Photos est le moyen le plus simple de partager, modifier et imprimer vos 
photos préférées. http://photos.msn.fr/Support/WorldWide.aspx