Penetration Testing mailing list archives
XSS interrogations
From: Jeremy Saintot <jeremy.saintot () gmail com>
Date: Wed, 22 Aug 2007 16:51:15 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, I have been wondering for a certain time what can be done concretely with cross-site scripting. I mean, for example a Web page on which I input an incorrect email address which results on a page which says "your address [string entered] is invalid". I can eventually generate a Javascript alert box containing my own cookie, or things like that, but that does not have any advantage for me. I understand the interest to use XSS on message boards or others, consultable by many people, but on simple pages like that, which I am the only one to see? What can be done? Thank you for your help ;) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzE1jb2WOwcVpNXURApHqAKCRYsYqyIH8d0MQ8ZP4UQZ7rhvIoQCfb6to mZLy47G7PaN0zfowc0vn4Uk= =1hoD -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- XSS interrogations Jeremy Saintot (Aug 22)
- Re: XSS interrogations Paul Sebastian Ziegler (Aug 22)
- <Possible follow-ups>
- Re: XSS interrogations Jon Xmas (Aug 23)
- HTTP Proxy for thick clients Huan Chi (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients haroon meer (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients Huan Chi (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients haroon meer (Aug 28)
- HTTP Proxy for thick clients Huan Chi (Aug 28)
- RE: [WEB SECURITY] HTTP Proxy for thick clients Ofer Shezaf (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients bugtraq (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients charlie derr (Aug 28)
- Re: HTTP Proxy for thick clients Jeffory Atkinson (Aug 28)