Penetration Testing mailing list archives
Re: Cross Site Scripting Vulnerabilities - XSS
From: "Jeff Williams" <jeff.williams () aspectsecurity com>
Date: Tue, 6 Aug 2002 11:08:40 -0400
Check out websleuth -- it takes a little work, but it can do what you want. The technique is pretty simple -- send a few test tags into each form field and then see if the responses contain the tag. If so, it's vulnerable. Not a terribly sophisticated test, but it'll do since in most cases there's no reason not to filter out the tags.

http://www.geocities.com/dzzie/sleuth/

--Jeff

Jeff Williams
Aspect Security, Inc.
Securing the Last Mile of the Internet
www.aspectsecurity.com
Jeff.Williams () aspectsecurity com

----- Original Message -----
From: "Jason binger" <cisspstudy () yahoo com>
To: <pen-test () securityfocus com>
Sent: Sunday, August 04, 2002 1:52 AM
Subject: Cross Site Scripting Vulnerabilities - XSS
Has anyone on the list done much with testing for XSS vulnerabilities? Has anyone written a simple work program to test for these vulnerabilities that they are happy to distribute so others can do basic testing for these vulnerabilities? There are a few papers out on this topic, but none that I have seen that really focus on the testing side of things.

Thanks

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
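The check described in the reply above (submit a test tag in each form field, then look for it in the response), as an added example that is not part of the original post and is not websleuth's code. `sample_app` is a constructed stand-in for an application you are testing, and `make_probe`, `classify_reflection` and `check_fields` are hypothetical names; the example goes one step beyond the post by separating raw, HTML-encoded and bracket-stripped reflections.

```python
import html
import re
import uuid


def make_probe():
    """Return a unique, inert test tag that cannot be confused with page markup."""
    return f"<xsstest-{uuid.uuid4().hex[:12]}>"


def classify_reflection(probe, body):
    """Classify how a response body treats a submitted probe tag."""
    if probe in body:
        return "raw"        # tag returned unmodified: output is not encoded
    if html.escape(probe) in body:
        return "encoded"    # returned as &lt;...&gt;: output encoding applied
    if probe.strip("<>") in body:
        return "stripped"   # angle brackets filtered, remaining text echoed
    return "absent"         # value is not echoed on this page


def check_fields(render, fields):
    """Probe one field at a time; `render` maps form values to a response body."""
    results = {}
    for name in fields:
        probe = make_probe()
        form = {field: "test" for field in fields}
        form[name] = probe
        results[name] = classify_reflection(probe, render(form))
    return results


def sample_app(form):
    """Constructed handler: one field per behaviour; 'comment' is never echoed."""
    return (
        "<html><body>"
        f"<p>Results for {form['q']}</p>"                  # no encoding
        f"<p>Hello {html.escape(form['name'])}</p>"        # HTML-encoded
        f"<p>Tag: {re.sub(r'[<>]', '', form['tag'])}</p>"  # brackets filtered
        "</body></html>"
    )


if __name__ == "__main__":
    report = check_fields(sample_app, ["q", "name", "tag", "comment"])
    for field, verdict in report.items():
        print(f"{field:8} {verdict}")
```

Against a real application, `render` would be a function that submits the form over HTTP and returns the response body; only a "raw" verdict indicates the missing filtering the reply describes.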