WebApp Sec mailing list archives
XSS caused by Greasemonkey userscript
From: "Martin Johns" <martin.johns () gmail com>
Date: Fri, 29 Dec 2006 15:11:50 +0100
Hello all,

I think we all agree that browser add-ons may lead to additional vulnerabilities in web apps that would otherwise be secure. I had some time at my hands and looked into a couple of Greasemonkey userscripts. I found an example where a userscript introduces new XSS holes in various web applications.

If you are interested, here is a short writeup:
http://shampoo.antville.org/stories/1537256/

Best
Martin

--
Martin Johns
http://www.informatik.uni-hamburg.de/SVS/personnel/martin/index.php