WebApp Sec mailing list archives

Re: XSS


From: "Sverre H. Huseby" <shh () thathost com>
Date: Thu, 19 Dec 2002 21:27:25 +0100

[Matthew Miller]

|   First, there are really two types of XSS.  Persistent, where the
|   injected code is stored within the web application, such as in
|   distribution lists, databases, etc..., Transaction based,
|   requiring a user to perform an action in order to be affected,
|   such as click on a link, view a page with malicious script in it,
|   etc...

Sorry for answering this late...

I've come to call the latter "socially engineered XSS" (SEXSS? :) ),
as it most often will involve some kind of con in order to make the
user follow the link.  Is that a good name?


Sverre.

PS: I've just finished "The Art of Deception" by Kevin Mitnick.  I
    guess that's why I suddenly came up with the name.  An enjoyable
    book, BTW.

-- 
shh () thathost com             Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/        http://nerdquiz.thathost.com/

