Penetration Testing mailing list archives

XSS interrogations


From: Jeremy Saintot <jeremy.saintot () gmail com>
Date: Wed, 22 Aug 2007 16:51:15 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I have been wondering for a certain time what can be done concretely
with cross-site scripting. I mean, for example a Web
page on which I input an incorrect email address which results in a
page which says "your address [string entered] is invalid".

I can eventually generate a JavaScript alert box containing my
own cookie, or things like that, but that does not have any
advantage for me.

I understand the interest of using XSS on message boards or others,
consultable by many people, but on simple pages like that, which I am
the only one to see? What can be done?

Thank you for your help ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzE1jb2WOwcVpNXURApHqAKCRYsYqyIH8d0MQ8ZP4UQZ7rhvIoQCfb6to
mZLy47G7PaN0zfowc0vn4Uk=
=1hoD
-----END PGP SIGNATURE-----

