Next message: Magnus Bodin: "[FWD] MSIE vulnerability exploitable with Eudora (and IncrediMail)"
The implications are very simple. With XSS, one can control a target users
browser to make it do whatever they want it to do.
From here, if one can exploit a browser vulnerability, they can control the
target
users machine to do whatever it is they want it to do.
The rest is how you want to use this kind of access.
Cookie theft and location forwarding are just some possible repercussions.
zero wrote:
> Hi all,
> I'm working on a CSS paper, and I was wondering, what are the real
> implications of a CSS attack. When some site is vuln to a CSS problem,
> you're able to execute code on the web. I've thought about the implications
> of this. First of all:
> - You can steal cookies from users
> - You can send bogus links faking the original site: i.e
> http://site/vuln.php?query=>...(faking vuln.php)...</script>
> - You can download & launch activeX (possible to download and
> execute trojans?)
>
> Any more dangerous implications?
>
> mailto:zeroboyat_private
> http://www.podergeek.com
> http://www.citfi.org
This archive was generated by hypermail 2b30
: Sun Mar 17 2002 - 01:05:44 PST