WebApp Sec mailing list archives
Re: XSS
From: John Madden <chiwawa999 () yahoo com>
Date: Tue, 10 Dec 2002 08:35:55 -0800 (PST)
Hi All, Thanks to everyone for their responses. Maybe i did not express myself well enough. What I wanted to know is if a site is vulnerable to XSS but doesn't allow any write operation, any postings for other users to actualy use the malicious URL, can it be used for something else ? The reason i'm asking is that the company I work for is vulnerable but doesn't allow any kind of user input (basicly it's just information site) We have to weight the treath vs cost, if nothing can be done with the XSS (no to say that they will never allow any user input...) then it will have a lower priority in the recommendations and if to fix all the web pages cost mucho $$$$ then we have to consider that as well. Any ideas ? --- Kevin Spett <kspett () spidynamics com> wrote:
We've got an XSS paper that describes a real attack in technical detail. The scenario it uses is a bank login page that uses client-supplied data for a login-failed error message. http://www.spidynamics.com/mktg/xss I hope it helps. Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "John Madden" <chiwawa999 () yahoo com> To: <webappsec () securityfocus com> Sent: Tuesday, December 10, 2002 9:38 AM Subject: XSSHello all, Being new to XSS and seing alot of messages in the last couple weeks on the subject got mewondering...What is the real vulnerability if the site in questions is vulnerable to XSS but does not letyouwrite any malicious scripts on the system, like message board, forums etc... ? Can anything bedone toexploit XSS if the above scenario occurs ? I knowitdepends on the web server, packages installedetc...I'm asking in generaly is it possible ? You can do the document.cookie and view your cookie, that migth give a hint on the structurebut...or redirect yourself to another web site :) etc... I've read the document on XSS by David Endler http://www.idefense.com/papers.html but still have some questions. If possible, can the XSS guru's on the list shedsomelight on the subject. Thanks for your time, Cheers __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign upnow.http://mailplus.yahoo.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com