Vulnerability Development mailing list archives

Re: CSS implication


From: "b0iler _" <b0iler () hotmail com>
Date: Tue, 19 Mar 2002 14:45:31 -0700

Although very similar to XSS, writing SSI, PHP, or any other kind of server-side language is not XSS, but rather a remote file writing vulnerability. The difference is there and I don't feel we should confuse the two. I am not sure if you would call client-side scripting that is saved to a file on the server XSS, but I personally do not count it as such.

Here are a few other things for your paper.

You can redirect the user to a URL or submit form data. Very dangerous if the user is allowed to do things like change their password when they are logged in without having to supply their password. Session theft.

Read field data or HTML. Can be dangerous if a user's password, credit card number, real name, or other sensitive information is printed to the same page(s) the XSS has access to.

You can change the HTML of a page. Dangerous, for example, if the user is supposed to input their username and password: you can change where the form is sent, making it instead a logging script set up on your server.

Matt Priestley mentioned session theft, which was what most of these have to deal with. Also, you can grab the current URL, which can sometimes hold sensitive info - usernames, passwords, session IDs, etc.
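
Added example, not part of the original post: the message's first item notes the danger of letting a logged-in user change their password without supplying it. The sketch below is a handler that re-checks the current password, so a request carrying only the session is refused; the function names and the user/session shapes are hypothetical.

```javascript
// Added example; hashPassword, verifyPassword, changePassword and the data shapes are hypothetical.
const crypto = require("crypto");

// Derive a salted scrypt hash; stored as { salt, hash } hex strings.
function hashPassword(password, salt = crypto.randomBytes(16).toString("hex")) {
  const hash = crypto.scryptSync(password, salt, 32).toString("hex");
  return { salt, hash };
}

// Constant-time check of a candidate password against the stored record.
function verifyPassword(candidate, record) {
  if (typeof candidate !== "string" || candidate.length === 0) return false;
  const got = crypto.scryptSync(candidate, record.salt, 32);
  const want = Buffer.from(record.hash, "hex");
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}

// Password change that re-authenticates: a valid session alone is not enough.
function changePassword(users, session, body) {
  const user = session && users.get(session.userId);
  if (!user) return { ok: false, status: 401, reason: "not logged in" };
  if (!verifyPassword(body.currentPassword, user.password)) {
    return { ok: false, status: 403, reason: "current password required" };
  }
  if (typeof body.newPassword !== "string" || body.newPassword.length < 12) {
    return { ok: false, status: 400, reason: "new password too short" };
  }
  user.password = hashPassword(body.newPassword);
  return { ok: true, status: 200 };
}

// Constructed sample data: one user and a logged-in session.
function demo() {
  const users = new Map([["alice", { password: hashPassword("old-correct-horse") }]]);
  const session = { userId: "alice" };
  // Request that carries the session but no current password, as a script in the page would send.
  const sessionOnly = changePassword(users, session, { newPassword: "some-other-password" });
  // Request from the real user, who can supply the current password.
  const genuine = changePassword(users, session, {
    currentPassword: "old-correct-horse",
    newPassword: "new-battery-staple",
  });
  const stored = users.get("alice").password;
  return { sessionOnly, genuine, newWorks: verifyPassword("new-battery-staple", stored) };
}
```

The check only helps when the current password is not itself exposed to the script, which ties back to the message's point about sensitive fields printed to the same page.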

