Penetration Testing mailing list archives
Re: XSS interrogations
From: Paul Sebastian Ziegler <psz () observed de>
Date: Thu, 23 Aug 2007 08:29:21 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Just a rough sketch of what you can do with the different types of XSS. 1) You can grab those cookies. Make the JavaScript send them to you and you may be able to hijack the session or even the account 2) You can read stuff from the Webapp itself (Major consequences if sensitive data like billing information is shown) 3) You can deface the Webpage and spread false information by writing to the document.body.innerHTML element. (Works better with persistent XSS, but reflected does fine as well) 4) With persistent XSS in a big site you can run DoS-Attacks against smaller servers 5) You can surveil the user's behavior 6) XSS allows you to beat about any security mechanism that would normally prevent CSRF 7) You can actually hijack the user's browser and use it as a proxy for yourself. (http://www.portcullis-security.com/16.php) There is a lot more. And you can combine most of this. When asking "what could XSS do" it would be much easier to just consider "what could I possibly do with JavaScript?". Many Greetings Paul -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzSk8aHrXRd80sY8RCnJqAKDzwI981ybG6RbxOTC4wh/UK9wUXACeJzRj 3g0ETxf2VDefJr6cSG8oIYY= =b1PF -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- XSS interrogations Jeremy Saintot (Aug 22)
- Re: XSS interrogations Paul Sebastian Ziegler (Aug 22)
- <Possible follow-ups>
- Re: XSS interrogations Jon Xmas (Aug 23)
- HTTP Proxy for thick clients Huan Chi (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients haroon meer (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients Huan Chi (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients haroon meer (Aug 28)
- HTTP Proxy for thick clients Huan Chi (Aug 28)
- RE: [WEB SECURITY] HTTP Proxy for thick clients Ofer Shezaf (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients bugtraq (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients charlie derr (Aug 28)
- Re: HTTP Proxy for thick clients Jeffory Atkinson (Aug 28)
- Re: HTTP Proxy for thick clients rajat swarup (Aug 29)