Penetration Testing mailing list archives
Re: Exploiting XSS
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Fri, 5 Dec 2008 11:55:22 -0800
please see inline responses...
I'm doing a WAPT for a website and found many XSS issues (both Stored and Reflected). I wanted to do more and show to the customer, apart from normal script injection and getting it popped up. Consider that u found an XSS issue in a field and your script is running, 1. Now what are the further steps for exploiting XSS completely????
own the client
2. How an attacker can really make use of it?
owning the client
3. How to Compromise ??
client side attacks
4. What are the real world scenarios can be used
malware delivery, phishing, credental theft
Looking for few good inputs/imlementations/expolits/BooKs ..............
obviously you need them
Thanks in advance, Cheers, White hat
ummm... your realy a pentester?
------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Re: Exploiting XSS, (continued)
- Re: Exploiting XSS Anthony Cicalla (Dec 05)
- Re: Exploiting XSS NeZa (Dec 05)
- Re: Exploiting XSS Durga Prasad Adusumalli (Dec 05)
- Re: Exploiting XSS Danilo Nascimento (Dec 05)
- Re: Exploiting XSS Adriel T. Desautels (Dec 05)
- Message not available
- Re: Exploiting XSS Adriel T. Desautels (Dec 05)
- Re: Exploiting XSS Paul Melson (Dec 07)
- Re: Exploiting XSS Adriel T. Desautels (Dec 07)
- Re: Exploiting XSS xsp (Dec 07)
- Message not available