Vulnerability Development mailing list archives
Re: Can you exploit this XSS?
From: Robin <robin () technophobia co uk>
Date: Wed, 19 Nov 2003 16:27:49 +0000
Just by virtue of being able to get script into the page it can be exploited. What can be gained from the exploit is dependant on what the app/site does.
XSS is commonly used to collect session id's so an attacker could gather those using this weakness.
Robin Paul Johnston wrote:
Hi,While auditing a web app, I've found the site redirects not found pages to a login screen. This contains an element like:<input type="hidden" name="tageturl" value="XXX">Now, the XXX bit is controlled by the user, and it seems the only characters escaped are " and & - i.e. <script>alert(document.cookie)</script> gets through (hence my tool alerted me).Can this be exploited for XSS? I can't see how to immediately, but it seems possible.Paul
-- -------------------------------------------- Robin Wood TechnoPhobia Limited -------------------------------------------- Phone: +44 (0)114 2212123 Fax: +44 (0)114 2212124 Email: robin () technophobia co uk WWW: http://www.technophobia.com Registered in England and Wales Company No. 3063669 VAT registration No. 5987858 42 The contents of this e-mail are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this e-mail in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this e-mail are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All e-mail communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Current thread:
- Can you exploit this XSS? Paul Johnston (Nov 19)
- Re: Can you exploit this XSS? Robin (Nov 19)
- Re: Can you exploit this XSS? Paul Johnston (Nov 19)
- Re: Can you exploit this XSS? dd (Nov 19)
- Re: Can you exploit this XSS? Sverre H. Huseby (Nov 20)
- Re: Can you exploit this XSS? Paul Johnston (Nov 20)
- Re: Can you exploit this XSS? mark (Nov 25)
- Re: Can you exploit this XSS? Peter Pentchev (Nov 26)
- <Possible follow-ups>
- RE: Can you exploit this XSS? Scovetta, Michael V (Nov 19)
- Re: Can you exploit this XSS? Paul Johnston (Nov 19)
- RE: Can you exploit this XSS? Parity (Nov 24)
- RE: Can you exploit this XSS? Dawes, Rogan (ZA - Johannesburg) (Nov 21)
(Thread continues...)
- Re: Can you exploit this XSS? Robin (Nov 19)