Paid Advertising is
ha.ckers sla.cking
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Unsigned Java applets
Posted by: hexfortyfive
Date: August 05, 2008 02:57PM

Due to recent announcements, I've been playing more with using Java applets in attacks. What can a malicious unsigned Java applet hosted on a remote server do? Grab cookies? Make GET/POST requests to the website? So what?!

My real question: I can execute XSS that loads a malicious applet that I've uploaded to a server. What does this unsigned applet let me do that I can't already do with Javascript? What have I gained?

Options: ReplyQuote

Sorry, only registered users may post in this forum.