Security Basics mailing list archives
Re: Exploiting XSS
From: "Ulisses Castro (thebug)" <uss.thebug () gmail com>
Date: Wed, 3 Dec 2008 15:14:37 -0200
Hi! You can find good stuff on OWASP: http://www.owasp.org/index.php/Testing_for_Cross_site_scripting In references you can find good stuff, also good stuff to show how real world works. ;) For real world case you can find nice walkthrough here: http://packetstormsecurity.org/papers/web/xss-walkthrough.txt Cheers, -- Ulisses Castro (thebug) http://ulissescastro.wordpress.com uss.thebug () gmail com On Wed, Dec 3, 2008 at 3:05 AM, Ravi Gopal <ravigopalt () gmail com> wrote:
Dear List, I'm doing a WAPT for a website and found many XSS issues (both Stored and Reflected). I wanted to do more and show to the customer, apart from normal script injection and getting it popped up. Consider that u found an XSS issue in a field and your script is running, 1. Now what are the further steps for exploiting XSS completely???? 2. How an attacker can really make use of it? 3. How to Compromise ?? 4. What are the real world scenarios can be used Looking for few good inputs/imlementations/expolits/BooKs .............. Thanks in advance, Cheers, White hat
Current thread:
- Exploiting XSS Ravi Gopal (Dec 03)
- Re: Exploiting XSS Ulisses Castro (thebug) (Dec 03)