Re: XSS LAB DEMO IDEAS

["Loki" <loki () fatelabs com>]

Recently having done this for my employer, what I did was 
combed Bugtraq archives for keyword searches on xss or 
cross-site vulnerabilities. After doing so you can 
identify software packages (postnuke, apalachian web site, 
et. al) and the version #s of affected releases.

After doing so, I setup a linux box, mysql, and the 
different vulnerable software packages that were 
identified and began to xss away. 

Food for thought.

Loki
http://www.fatelabs.com

On Mon, 6 Jan 2003 10:00:48 -0700
 "Jeremy Junginger" <jj () act com> wrote:
> After reading the papers by iDefense and the paper at
> http://www.technicalinfo.net/papers/CSS.html , I would 
> like to put a
> working example together to familiarize our web 
> developers with XSS
> vulnerabilities and their impact on the web site (and 
> business).  I
> would like to poll the group for interesting ways to 
> demonstrate these
> vulnerabilities in a lab environment.  Thanks for taking 
> the time to
> give your input.
>
> -Jeremy
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security 
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA 
> service which
> automatically alerts you to the latest security 
> vulnerabilities please see:
> https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/