Recently having done this for my employer, what I did was comb Bugtraq archives for keyword searches on XSS or cross-site vulnerabilities. After doing so you can identify software packages (PostNuke, apalachian web site, et al.) and the version #s of affected releases. After doing so, I set up a Linux box, MySQL, and the different vulnerable software packages that were identified and began to XSS away.

Food for thought.

Loki
http://www.fatelabs.com

On Mon, 6 Jan 2003 10:00:48 -0700 "Jeremy Junginger" <jjat_private> wrote:
>After reading the papers by iDefense and the paper at
>http://www.technicalinfo.net/papers/CSS.html , I would like to put a
>working example together to familiarize our web developers with XSS
>vulnerabilities and their impact on the web site (and business). I
>would like to poll the group for interesting ways to demonstrate these
>vulnerabilities in a lab environment. Thanks for taking the time to
>give your input.
>
>-Jeremy
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 20:30:42 PST