Vulnerability Development mailing list archives
Re: CSS implication
From: "HarryM" <harrym () the-group org>
Date: Thu, 21 Mar 2002 10:18:11 -0000
Although very similar to XSS, writing SSI, PHP, or any other kind of server side language is not XSS, but rather a remote file writing vulnerability. The difference is there and I don't feel we should confuse the two. I am not sure if you would call client side scripting that is saved to a file on the server XSS, but I personally do not count it as such.
I don't agree at all; if anything, grabbing a file from another site and executing PHP in it is more XSS as I understand it, since you're 'crossing' servers to get the code. If this isn't XSS then what about reaching to another domain to download a .js file for execution, like the recent vulnerabilities on online news pages? Perhaps there should be different terms for clientside/serverside XSS vulns but I feel they fall under the same category.

Harry