Vulnerability Development mailing list archives

Re: CSS implication

From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: Sat, 16 Mar 2002 10:14:31 -0800

The implications are very simple. With XSS, one can control a target users
browser to make it do whatever they want it to do.

From here, if one can exploit a browser vulnerability, they can control the

target
users machine to do whatever it is they want it to do.

The rest is how you want to use this kind of access.

Cookie theft and location forwarding are just some possible repercussions.


zero wrote:

Hi all,
         I'm working on a CSS paper, and I was wondering, what are the real
implications of a CSS attack. When some site is vuln to a CSS problem,
you're able to execute code on the web. I've thought about the implications
of this. First of all:
         - You can steal cookies from users
         - You can send bogus links faking the original site: i.e
http://site/vuln.php?query=<script>...(faking vuln.php)...</script>
         - You can download & launch activeX (possible to download and
execute trojans?)

Any more dangerous implications?

mailto:zeroboy () arrakis es
http://www.podergeek.com
http://www.citfi.org

Current thread:

CSS implication zero (Mar 16)
- Re: CSS implication Jeremiah Grossman (Mar 16)
- <Possible follow-ups>
- Re: CSS implication Frog Man (Mar 17)
  - Re: CSS implication Bill Weiss (Mar 17)
- Re: CSS implication zero (Mar 17)
  - Re: CSS implication Jeremiah Grossman (Mar 18)
    - Re: CSS implication zero (Mar 18)
    - Re: CSS implication Jeremiah Grossman (Mar 19)
    - Re: CSS implication Sverre H. Huseby (Mar 23)
- RE: CSS implication Matt Priestley (Mar 17)
  - Re: CSS implication Arta (Mar 18)
- Re: CSS implication b0iler _ (Mar 20)

(Thread continues...)