Vulnerability Development mailing list archives
Re: CSS implication
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sun, 17 Mar 2002 18:40:24 +0100
I'm not sure but I think that SSI can be used with CSS.Then we can include file :<!--#include virtual="thefile"-->, execute commands <!--#exec cmd="/user/bin/perl/date"--> and execute CGI script <!--#exec cgi="cgi/cgi.cgi"-->.
If that's false, please say it to me. Sorry for my bad englsih :) frog-m@n
From: zero <zeroboy () arrakis es> To: vuln-dev () securityfocus com Subject: CSS implication Date: Sat, 16 Mar 2002 14:38:44 +0100 Hi all, I'm working on a CSS paper, and I was wondering, what are the real implications of a CSS attack. When some site is vuln to a CSS problem, you're able to execute code on the web. I've thought about the implications of this. First of all: - You can steal cookies from users - You can send bogus links faking the original site: i.e http://site/vuln.php?query=<script>...(faking vuln.php)...</script> - You can download & launch activeX (possible to download and execute trojans?) Any more dangerous implications? mailto:zeroboy () arrakis es http://www.podergeek.com http://www.citfi.org ************************************************** "The further backward you look, the further forward you can see" Winston Churchill "Para ganar, hay gente que debe perder"
_________________________________________________________________MSN Photos est le moyen le plus simple de partager, modifier et imprimer vos photos préférées. http://photos.msn.fr/Support/WorldWide.aspx
Current thread:
- CSS implication zero (Mar 16)
- Re: CSS implication Jeremiah Grossman (Mar 16)
- <Possible follow-ups>
- Re: CSS implication Frog Man (Mar 17)
- Re: CSS implication Bill Weiss (Mar 17)
- Re: CSS implication zero (Mar 17)
- Re: CSS implication Jeremiah Grossman (Mar 18)
- Re: CSS implication zero (Mar 18)
- Re: CSS implication Jeremiah Grossman (Mar 19)
- Re: CSS implication Sverre H. Huseby (Mar 23)
- Re: CSS implication Jeremiah Grossman (Mar 18)
- Re: CSS implication Arta (Mar 18)
- Re: CSS implication HarryM (Mar 21)