Re: Exploiting XSS

["Adriel T. Desautels" <ad_lists () netragard com>]

Anthony,  I'll have ti disagree with you here.  To me it looks like he  
found the vulnerabilities by using an automated web application  
security scanner, not via manual testing.   While I understand that  
you are standing up for the man (and I respect that) I do not respect  
people who offer protective security services when they don't know  
what they are doing. That in my opinion is nearly criminal because you  
are giving people a false sense of security. What are you going to say  
when they get hacked because you missed something absolutely obvious?   
People who pay security experts to do work should always be getting  
quality work.

With respect to XSS attacks, I understand them very well. I understand  
how to steal cookies, launch phishing attacks, even redirect and pwn  
browsers.  My point is though, XSS does not provide you wit "Direct"  
methods of penetration into a system, well not in most cases anyway.   
In most cases its the attack that you do with XSS that then allows you  
to penetrate, sort of indirect.

Thanks for the offer for help by the way, but I'm all set there.

On Dec 5, 2008, at 1:53 PM, Anthony Cicalla wrote:

> He obviously knows a bit of what he's doing he identified the  
> vulnerabilities and knows what they are, he's just looking for  
> advanced exploitation of the vulnerability to show why it's an issue  
> to his client. Don't hate on him for asking questions. "Even Genius  
> ask questions".
>
> Read up on xssshell that I sent you. You will see very quickly what  
> you can do with xssshell. Key logging, steal cookies, pretty much  
> make that pc your zombie while the link stays established if it's  
> persistent xss then everyone that drives by the forum becomes your  
> zombie. If you have questions or want to discuss it more contact me  
> offline and I will help you with what I can.
>
> Anthony Cicalla
>
> On Wed, Dec 3, 2008 at 12:44 PM, Adriel T. Desautels <ad_lists () netragard com 
> > wrote:
> Hi,
>        You should forward your customers onto someone who knows the  
> answers to those questions already. It frightens me to think that  
> you are offering to provide security services to people when you  
> don't know what it is that you are doing or why a risk is a risk.
>
>
> On Dec 3, 2008, at 12:08 AM, Whitehat wrote:
>
> Dear List,
>
> I'm doing a WAPT for a website and found many XSS issues (both Stored
> and Reflected).
> I wanted to do more and show to the customer, apart from normal script
> injection  and  getting it popped up.
>
> Consider that u found an XSS issue in a field and your script is  
> running,
>
>  1. Now what are the further steps for exploiting XSS completely????
>  2. How an attacker can really make  use of  it?
>  3. How to Compromise ??
>  4. What are the real world scenarios can be used
>
> Looking for few good inputs/imlementations/expolits/ 
> BooKs ..............
>
> Thanks in advance,
>
> Cheers,
> White hat
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------
>
>
> Adriel T. Desautels
> ad_lists () netragard com
>
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------
>
>
>
>
> --
> Anthony,

Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------