Re: Sourceforge.net XSS

[Valdis.Kletnieks () vt edu]

On Mon, 17 Apr 2006 11:31:51 EDT, v9 said:
> samy's worm was stored on the server and shown to all who viewed his
> myspace page.  these kind of XSS are in  a url you'd have to create
> yourself, you wouldn't ever stroll across this, as you have to make it in
> the url to work.

This is still a threat if the attacker is able to use social engineering to
increase the chances somebody will click on it.  Goatse isn't something
somebody would stroll across either, but you certainly see enough attempts
to put links to it in Slashdot postings...

> so as i said before, encoded/phishing (emails) is about the only possible
> use for these that i can see, and not even to a good extent(easier
> to just use the usual <A HREF> style misdirection, and has more options).
> if someone can tell me otherwise, post a RELATED reply. (ie. in-url XSS)

Using <A HREF> *is* certainly easier, and the cost of admission is basically
the same for both - you need to entice the user to click the link.  The difference
is in what your *goal* is.  If you want them to visit some *other* page, a simple
anchor works.  If you want to execute some Javascript in *this* page's context,
you'll be looking for an XSS.....

Attachment: _bin
Description: