Hello Todd, > I'm looking for some detailed examples of XST. Google didn't turn up much > except tons of press releases that the vulnerability exists, but I > couldn't find any examples or exploit code to go along with it. In fact, I > couldn't even find XST in the CVE database. > > Can anyone point me in the right direction here? Obviously, the first place to start would be the Whitehat advisory, and from there I would read the thread on webappsec about it. XST doesn't give you a whole lot, from what I understand, except for a way to obtain HTTP AUTH passwords when you already have an XSS. The key is the XML request objects in IE and Mozilla. good luck, tim --------------------------------------------------------------------------- Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 18:51:46 PDT