In all honesty, XSS is a serious vector of attack. However, non-persistent XSS is a much less serious problem than is persistent XSS. Generally XSS is of no harm to the server side anyway. It can however be leveraged as the OP said, but would require a dedicated, pre-formed URL string that needs to be presented to the user to be effective. IMHO the OP advisory should not have been posted, because of the non-persistent nature of the flaw at one dedicated site.
Issues come into play via persistent XSS, which is script that may be embedded in a web application, such as a guestbook or comment section, where people would travel to on their own without the need of a direct link, and which is then rendered upon visitation in the user's browser.
Further, in today's world of browser exploitation, cookie, session, and/or credential theft is not the only thing to be gained and is often of minor importance and information. What is bad is leveraging XSS as a vector for browser exploitation (can we say IFRAME+WMF), so you have a way, via XSS, to COMPROMISE end users' systems.
While the OP does have a valid initial point and theory,

1. it is not persistent in nature
2. it is one site, and not a script used on many sites
3. it does require SE at some level to be effective
4. it should not have been posted to FD (see points 1, 2, 3)
my2bits,
MW
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
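To make the reflected-versus-persistent distinction the post draws concrete, here is an added example (not from the original post or the advisory it discusses) modelling the two rendering paths in a tiny guestbook: one where the payload rides in a crafted URL that a victim must open, and one where it is stored and served to every visitor. The sample entries and URLs are constructed; the fix in both cases is the same output encoding.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed guestbook content: the second entry is the kind of stored
# markup the post describes as persistent XSS (sample, not real data).
STORED_ENTRIES = [
    "Nice site!",
    "<script>alert('stored')</script>",
]


def render_guestbook_unsafe(entries):
    """Persistent flaw: stored text is emitted verbatim, so every visitor
    who merely browses to the page receives the attacker's markup."""
    return "\n".join(f"<li>{e}</li>" for e in entries)


def render_guestbook_safe(entries):
    """Hardened form: HTML-encode on output so stored text stays text."""
    return "\n".join(f"<li>{html.escape(e, quote=True)}</li>" for e in entries)


def render_search_unsafe(url):
    """Reflected flaw: the payload only reaches a victim who follows a
    pre-formed URL (the 'dedicated url string' the post refers to)."""
    query = parse_qs(urlparse(url).query).get("q", [""])[0]
    return f"<p>Results for {query}</p>"


def render_search_safe(url):
    """Same page with the parameter encoded before it is reflected."""
    query = parse_qs(urlparse(url).query).get("q", [""])[0]
    return f"<p>Results for {html.escape(query, quote=True)}</p>"


def contains_active_markup(rendered):
    """Crude defender-side check used by the tests: does the rendered
    HTML still contain a live tag rather than an encoded one?"""
    return "<script" in rendered.lower()
```

Note that `render_search_unsafe` only misbehaves for a request carrying the crafted parameter, whereas `render_guestbook_unsafe` misbehaves for every request once the entry is stored, which is the difference in reach the post is arguing about.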