WebApp Sec mailing list archives
RE: XSS
From: "Ernesto Funes" <efunes () ipsoluciones com>
Date: 10 Dec 2002 16:45:25 -0000
On Tue, 10 Dec 2002 17:23:11 +0200, "Eyal Udassin" <eyal () webcohort com> wrote :
Hi John,
There are two main issues concerning XSS:
1. Say you set your browser to fully trust your bank's site and allow it to run scripts in your browser. On the other hand, you deny that privilege from the rest of the sites you visit. If the bank's site is vulnerable to XSS, when you click on a malformed URL that was presented to you at hacker.com, you will be redirected to your bank's site (which you previously granted scripting rights) and the malicious script written by someone at hacker.com will run. XSS in that manner is a very good way to run scripts on cautious clients that allow only very specific sites to send them scripts.
2. Following the previous example, let's say that you are logging into your bank account. What usually happens is that the server issues you a session cookie which from now on will identify you as the user you entered in the login screen. Clicking on the previously mentioned URL at hacker.com might run a script that will send your cookie back to the attacker. What happens in 99% of the sites I've tested is that from that point on the attacker can access your bank account without ever needing your username or password. The cookie itself is mostly satisfactory.
But for this to work, you need to be connected to the bank at the same time you are viewing the malicious site, which reduces the impact; otherwise nothing will happen... or am I mistaken?
-----Original Message-----
From: John Madden [mailto:chiwawa999 () yahoo com]
Sent: Tuesday, December 10, 2002 4:39 PM
To: webappsec () securityfocus com
Subject: XSS

Hello all,
Being new to XSS and seeing a lot of messages in the last couple of weeks on the subject got me wondering... What is the real vulnerability if the site in question is vulnerable to XSS but does not let you write any malicious scripts on the system, like message boards, forums etc.? Can anything be done to exploit XSS if the above scenario occurs? I know it depends on the web server, packages installed etc... I'm asking in general: is it possible? You can do the document.cookie and view your cookie, that might give a hint on the structure but... or redirect yourself to another web site :) etc...
I've read the document on XSS by David Endler http://www.idefense.com/papers.html but still have some questions. If possible, can the XSS gurus on the list shed some light on the subject.
Thanks for your time,
Cheers
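The two server-side controls that break the chain Eyal describes, as an added Node.js example that is not part of this thread: the page encodes reflected request data so a crafted URL cannot inject script into the bank's page, and the session cookie is marked HttpOnly so script running in the page cannot read it through document.cookie. The function names, the `name` parameter and the sample input are invented for the example.

```javascript
// Added example (not from the thread). Two controls against the reflected-XSS
// cookie-theft scenario: output encoding and an HttpOnly session cookie.

// Escape the characters that let user-supplied text become HTML markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: a query parameter is copied straight into the HTML, which
// is what makes a "malformed URL" run script in the bank's origin.
function renderGreetingVulnerable(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the same page, with the parameter encoded before it reaches HTML.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Set-Cookie value for the session id (hypothetical cookie name). HttpOnly keeps
// the cookie out of document.cookie, so even a script that does run on the page
// cannot read it; Secure keeps it off plaintext HTTP.
function sessionCookieHeader(sessionId) {
  if (!/^[A-Za-z0-9_-]+$/.test(sessionId)) throw new Error("bad session id");
  return `SESSIONID=${sessionId}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample input: the kind of value a crafted link could carry.
const crafted = "<script>alert(document.cookie)</script>";
console.log(renderGreetingVulnerable(crafted)); // script tag lands in the page
console.log(renderGreetingSafe(crafted));       // rendered as inert text
console.log(sessionCookieHeader("abc123"));
```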