CSS implication

From: zero (zeroboyat_private)
Date: Sat Mar 16 2002 - 05:38:44 PST

Next message: Abel, Chris: "RE: Vulnerability in WinZip password protection ?"

Previous message: Magnus Bodin: "[FWD] MSIE vulnerability exploitable with Eudora (and IncrediMail)"
Next in thread: Jeremiah Grossman: "Re: CSS implication"
Reply: Jeremiah Grossman: "Re: CSS implication"
Reply: Frog Man: "Re: CSS implication"
Reply: zero: "Re: CSS implication"
Reply: Matt Priestley: "RE: CSS implication"
Reply: b0iler _: "Re: CSS implication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,
         I'm working on a CSS paper, and I was wondering, what are the real 
implications of a CSS attack. When some site is vuln to a CSS problem, 
you're able to execute code on the web. I've thought about the implications 
of this. First of all:
         - You can steal cookies from users
         - You can send bogus links faking the original site: i.e 
http://site/vuln.php?query=>...(faking vuln.php)...</script>
         - You can download & launch activeX (possible to download and 
execute trojans?)

Any more dangerous implications?


mailto:zeroboyat_private
http://www.podergeek.com
http://www.citfi.org
**************************************************
"The further backward you look, the further forward you can see" Winston 
Churchill
  "Para ganar, hay gente que debe perder"

Next message: Abel, Chris: "RE: Vulnerability in WinZip password protection ?"
Previous message: Magnus Bodin: "[FWD] MSIE vulnerability exploitable with Eudora (and IncrediMail)"
Next in thread: Jeremiah Grossman: "Re: CSS implication"
Reply: Jeremiah Grossman: "Re: CSS implication"
Reply: Frog Man: "Re: CSS implication"
Reply: zero: "Re: CSS implication"
Reply: Matt Priestley: "RE: CSS implication"
Reply: b0iler _: "Re: CSS implication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 02:05:40 PST