Full Disclosure mailing list archives
Client-side JavaScript XSS Scanner - runs straight from your browser
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Mon, 16 Jul 2007 20:23:23 +0100
http://www.gnucitizen.org/blog/javascript-xss-scanner

This POC shows how easy it is to implement an XSS scanner by using only JavaScript and a few tricks from the Web2.0 world. A similar technique can be easily implemented into AJAX/XSS worms, which will allow them to propagate across several domains and also find new vulnerabilities on their own.

Don't be evil. Use the POC for educational and demonstration purposes only.

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/