WebApp Sec mailing list archives
Advanced XSS paper and semi-new attack
From: Gavin Zuchlinski <gzuchlinski () pgsit org>
Date: Fri, 17 Oct 2003 21:57:15 -0400
Hi everyone,

I recently wrote a short paper on advanced methods of cross-site scripting exploitation (against POST variables and secure areas which require authentication every session). In coming up with the methods of exploitation, I realized they could be generalized to a somewhat different type of attack I dubbed client automation. This is basically just the forcing of a client to submit a form without their knowledge and change settings, which exploits the trust in many web-based scripts that a user who submits a form is in fact submitting the form.

The paper can be found at http://libox.net/xss.php.

-Gavin
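The trust gap described in the message above (a script accepting any form that arrives with a valid session) next to one common server-side check for it, as an added example that is not part of the original post or the paper. The handler names, the form_token field and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)

def issue_form_token(session_id: str) -> str:
    """Value the server embeds as a hidden field in forms it serves to this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def token_is_valid(session_id: str, token: str) -> bool:
    expected = issue_form_token(session_id)
    return hmac.compare_digest(expected.encode(), (token or "").encode())

def change_email_trusting(sessions: dict, request: dict) -> bool:
    """Checks the session cookie only: any POST the browser sends is accepted."""
    user = sessions.get(request["cookies"].get("sid"))
    if user is None:
        return False
    user["email"] = request["form"]["email"]
    return True

def change_email_checked(sessions: dict, request: dict) -> bool:
    """Also requires the per-session token that only a form served by this site carries."""
    sid = request["cookies"].get("sid")
    user = sessions.get(sid)
    if user is None or not token_is_valid(sid, request["form"].get("form_token", "")):
        return False
    user["email"] = request["form"]["email"]
    return True

def demo() -> dict:
    sid = secrets.token_hex(16)
    # Constructed requests: the browser attaches the cookie to both, but only the
    # form the user actually loaded from the site contains the token.
    automated = {"cookies": {"sid": sid}, "form": {"email": "other@example.net"}}
    genuine = {"cookies": {"sid": sid},
               "form": {"email": "new@example.org", "form_token": issue_form_token(sid)}}
    results = {}
    sessions = {sid: {"email": "user@example.org"}}
    results["trusting_accepts_automated"] = change_email_trusting(sessions, automated)
    sessions = {sid: {"email": "user@example.org"}}
    results["checked_accepts_automated"] = change_email_checked(sessions, automated)
    results["email_after_rejected"] = sessions[sid]["email"]
    results["checked_accepts_genuine"] = change_email_checked(sessions, genuine)
    return results

if __name__ == "__main__":
    print(demo())
```

The token only separates forms the site served from submissions generated elsewhere; a script running inside the site's own pages through a cross-site scripting hole can read the hidden field, so the injection itself still has to be fixed.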