Penetration Testing mailing list archives
Re: XSS LAB DEMO IDEAS
From: Fermín J. Serna <fjserna () ngsec com>
Date: Wed, 8 Jan 2003 20:06:42 +0000 (GMT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi: You can also take a look at our WhitePaper: - 11/19/2002 - iPlanet NG-XSS Vulnerability Analysis: This document describes a new way to exploit Cross Site Scripting (XSS) vulnerabilities. It uses an iPlanet XSS vulnerability as a case study. Download it at: http://www.ngsec.com/ngresearch/ngwhitepapers/ It just describes the case of using a XSS to redirect admin browser so it will exploit an open() perl bug in a protected (f.e. apaches's .htaccess) area. In few words, authoritation bypass. Best Regards, - - Fermín J. Serna @ NGSEC Next Generation Security Technologies http://www.ngsec.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iD8DBQE+HITZjqrDERN0jroRAr+SAJwIM0NC2lDMZFIaXjVE/UR1aoV2CwCgjQsR 2wk7Kqe+N5yyE1gVUdsjtKc= =HaJd -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- XSS LAB DEMO IDEAS Jeremy Junginger (Jan 06)
- Re: XSS LAB DEMO IDEAS Loki (Jan 06)
- Re: XSS LAB DEMO IDEAS Kevin Spett (Jan 06)
- <Possible follow-ups>
- Re: XSS LAB DEMO IDEAS Mark Curphey (Jan 06)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 07)
- Re: XSS LAB DEMO IDEAS Fermín J . Serna (Jan 08)
- RE: XSS LAB DEMO IDEAS Jeremy Junginger (Jan 08)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 10)