Vulnerability Development mailing list archives
Re: CSS implication
From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: Sun, 17 Mar 2002 21:59:24 -0800
zero wrote:
At 10:14 a.m. 16/03/2002 -0800, you wrote:The implications are very simple. With XSS, one can control a target users browser to make it do whatever they want it to do.Although that's true, many times, you just can execute code through special crafted urls. So, users aren't directly affected. I mean, the code you inject doesn't gets executed as in normal forum CSS. You can use this kind of links in social engineering attacks or there are more implications?
Having a bit of trouble understanding what you mean.... but...I think your right, some XSS attacks dont have to "directly " effect the user, but they manipulate them in some way. However, I still think this type of attack would be grouped as an implication of XSS. Jeremiah Grossman WhiteHat Security, Inc. http://community.whitehatsec.com
Current thread:
- CSS implication zero (Mar 16)
- Re: CSS implication Jeremiah Grossman (Mar 16)
- <Possible follow-ups>
- Re: CSS implication Frog Man (Mar 17)
- Re: CSS implication Bill Weiss (Mar 17)
- Re: CSS implication zero (Mar 17)
- Re: CSS implication Jeremiah Grossman (Mar 18)
- Re: CSS implication zero (Mar 18)
- Re: CSS implication Jeremiah Grossman (Mar 19)
- Re: CSS implication Sverre H. Huseby (Mar 23)
- Re: CSS implication Jeremiah Grossman (Mar 18)
- Re: CSS implication Arta (Mar 18)
- Re: CSS implication HarryM (Mar 21)
- Re: CSS implication Sverre H. Huseby (Mar 21)