> So how about a real world attack scenario for this. This is one of > the lamest vulns I have ever seen.
Until about a year ago, I'd have to agree with you. A lot of uses for XSS have been researched in the last year including a few new ways to use it make it 'useful'. Not only can you do standard cookie hijacking with XSS, but combined with browser flaws XSS 'could' (in certain situations) be used to help portscan and possible exploit(carry exploit payloads) a backend network behind a firewall (to the user visiting the XSS'd link), as well as gather Basic Auth credentials(or other headers) via XST attacks. Jeremiah Grossman presented at blackhat and showed that it's possible to capture keystrokes from a user that has visited a 'XSS'd' link as well as have bidirectional communication with them. Functionality such as xmlhttp can greatly expand the usefulness of Cross Site Scripting. The Cross Site Scripting FAQ http://www.cgisecurity.com/articles/xss-faq.shtml Cross-Site Tracing (XST) (Official Mirror) http://www.cgisecurity.com/lib/WH-WhitePaper_XST_ebook.pdf AJAX (Asynchronous Javascript and XML) Links http://www.cgisecurity.com/ajax/ Jeremiah's blackhat talk http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-grossman.pdf XSS is 'starting' to get fairly useful. Regards, - [EMAIL PROTECTED] http://www.cgisecurity.com/ (Web Security News, and More!) http://www.cgisecurity.com/index.rss (Web Security News RSS Feed) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
