WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

XSS caused by Greasemonkey userscript

From: "Martin Johns" <martin.johns () gmail com>
Date: Fri, 29 Dec 2006 15:11:50 +0100
Hello all,

I think we all agree that browser add-ons may lead to additional
vulnerabilities in web apps that would otherwise be secure. I had some
time at my hands and looked into a couple of Greasemonkey userscripts.
I found an example where a userscript introduces new XSS holes in
various web applications. If you are interested, here is a short
writeup: http://shampoo.antville.org/stories/1537256/

Best
Martin

--
Martin Johns
http://www.informatik.uni-hamburg.de/SVS/personnel/martin/index.php

-------------------------------------------------------------------------
Sponsored by: Watchfire
Today's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper, explains what to do and provides a guideline to improving your own application security. Download this whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: