Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
XSS vector attack list...
Posted by: kanedaaa
Date: July 07, 2007 07:35PM

I am trying to make a list of how many ways XSS can be dangerous, to prove to some people that it is important to filter XSS attacks. If you have some ideas, add them. For example:
1 - Cookie based authentication stealing,
2 - CSRF,
3 - ... ?

Re: XSS vector attack list...
Posted by: id
Date: July 07, 2007 07:50PM

Profit

-id

Re: XSS vector attack list...
Posted by: Anonymous User
Date: July 08, 2007 07:58AM

Information disclosure - like lazy-XSS in admin interfaces etc.

Re: XSS vector attack list...
Posted by: serachewhi
Date: July 08, 2007 10:39AM

Phishing

Re: XSS vector attack list...
Posted by: Ivan
Date: July 08, 2007 12:27PM

Business failure, customer trust, ...

http://www.security-net.biz/

Re: XSS vector attack list...
Posted by: barbarianbob
Date: July 08, 2007 12:42PM

unauthorized access

...and if the admin has a file editor, you can gain control of php.

Re: XSS vector attack list...
Date: July 09, 2007 06:07AM

Does "Remote File Inclusion" count? If so you can easily upload a C99 shell to edit files.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: XSS vector attack list...
Posted by: wck
Date: July 09, 2007 05:31PM

"samy is my hero" style worms as well.

Re: XSS vector attack list...
Posted by: Anonymous User
Date: July 09, 2007 09:22PM

- SEO link injection e.g. boost PR.
- DoSing webpages with XSS e.g. shutdown access.
- Worm canning e.g. storing worms
- Privacy infringement
- Makes you look like an amateur, n00b programmer.

Re: XSS vector attack list...
Posted by: ma1
Date: July 10, 2007 02:53AM

Massive email theft on multiple domains :)

--
*hackademix.net*

There's a browser safer than Firefox... Firefox, with NoScript



Edited 1 time(s). Last edit at 07/10/2007 04:16AM by ma1.
