So why not show one of these legitimate examples instead of the overused
window popup script?
It would just be easier to ascertain the level of severity if an actual DoS
string or this "trusted internal call" was exploited.
I am sure there are a lot of forms that can be a victim of a xss string
It really is so site specific that it is hard to say. The thing to
remember about XSS is that general attack vectors are client-to-client.
So user "a" can attack user "b". It is really not a client-to-server
attack. The most common attack scenario that I have seen is getting
user b to click on
So why not show one of these legitimate examples instead of the overused window popup
script?
It would just be easier to ascertain the level of severity if an actual DoS string or
this "trusted internal call" was exploited.
I am sure there are a lot of forms that can be a victim of a xss string
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Some quick corrections:
- this paragraph is now readable
One of the original example of XSS was where an exploiter gave a link on his
webpage to a location under the nytime domain, which, when clicked presented
the user with a bogus story.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Not speaking to these specific vulnerabilities, XSS attacks in general, let
you masquerade info as being legitimate data from the server.
For example, you can present the user with an error page which LOOKS like a
login page with the method in the H
Yes but what affect does this have on the server? How does it comprimise security? Can you use this to DoS the server? Can you use this to gain access to areas on the server otherwise not available?
Sometimes server security isn't the issue. Client trust is just
as important as server or network
both..
> Can you use this to DoS the server?
consider that the server must process the requests.. i think it can be a
DoS issue with enough length and quanity of the requests.
>Can you use this to gain access to areas on the server otherwise not
available?
many servers assume a call to "/somefo
Yes but what affect does this have on the server? How does it comprimise security? Can
you use this to DoS the server? Can you use this to gain access to areas on the server
otherwise not available?
On Wed, 23 Jul 2003 02:18:05 -0700
"morning_wood" <[EMAIL PROTECTED]> wrote:
> since were on th
i just have one xss google:
just goto:
http://www.safecenter.net/crosszone/Top/ServerSide/Dir-SS-Known/SS-Top.htm
and click the google icon.
(MSIE only)
but you can't waste too much time on xss. "remote
system compromise" is more funny.
--- morning_wood <[EMAIL PROTECTED]> 的正文:>
since were on
since were on the subject now... ill clear up my backlog...
Sites Affected...
Overture
Altavista
MetaCrawler
Excite
Webcrawler
InfoPlease
MarketWatch
Icq
Looksmart
http://www.overture.com/d/search/;$sessionid$EVV5ZDIABJG13QFIEEOQPUQ?Keywords=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+
10 matches
Mail list logo