Re: Google is vulnerable from XSS attack

[bugtraq () cgisecurity net]

> So how about a real world attack scenario for this.  This is one of
> the lamest vulns I have ever seen.

Until about a year ago, I'd have to agree with you. A lot of uses for XSS have been researched in the last year
including a few new ways to use it make it 'useful'. Not only can you do standard cookie hijacking with XSS, but 
combined with
browser flaws XSS 'could' (in certain situations) be used to help portscan and possible exploit(carry exploit payloads) 
a backend network 
behind a firewall (to the user visiting the XSS'd link), as well as gather Basic Auth credentials(or other headers) via 
XST attacks.

Jeremiah Grossman presented at blackhat and showed that it's possible to capture keystrokes from a user that has 
visited a 'XSS'd' link as
well as have bidirectional communication with them. Functionality such as xmlhttp can greatly expand the usefulness of 
Cross Site Scripting.  

The Cross Site Scripting FAQ
http://www.cgisecurity.com/articles/xss-faq.shtml

Cross-Site Tracing (XST) (Official Mirror)
http://www.cgisecurity.com/lib/WH-WhitePaper_XST_ebook.pdf

AJAX (Asynchronous Javascript and XML) Links
http://www.cgisecurity.com/ajax/

Jeremiah's blackhat talk
http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-grossman.pdf

XSS is 'starting' to get fairly useful.

Regards,

- admin () cgisecurity com
http://www.cgisecurity.com/          (Web Security News, and More!)
http://www.cgisecurity.com/index.rss (Web Security News RSS Feed)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/