Vulnerability Development mailing list archives
Re: Evolution of Cross-Site Scripting Attacks
From: David Endler <dendler () idefense com>
Date: 20 May 2002 18:44:48 -0000
Great ! This article is a very good explanation of how to set-up an attack against web apps by using XSS.
Thanks :-) It was inspired in part by the fact that so many users, but more important vendors, don't seems to have a clear grasp of what XSS is and how it affects their sites.
However, it is not really a "prediction" of a new type of attack: several people (including me ;) have pointed out in the past on
this mailing-list that I agree, I tried to make that subtle distinction in the paper but perhaps it didn't come across: I wasn't trying to predict automated XSS attacks (which have been demonstrated before by others including you), but instead predict it would start happening more and more. The main point was to grab people's attention to increase awareness ahead of time. -dave
Current thread:
- Evolution of Cross-Site Scripting Attacks David Endler (May 20)
- Re: Evolution of Cross-Site Scripting Attacks Replugge [ROD] (May 20)
- Re: Evolution of Cross-Site Scripting Attacks FozZy (May 20)
- <Possible follow-ups>
- Re: Evolution of Cross-Site Scripting Attacks David Endler (May 20)