zero wrote:

> At 10:14 a.m. 16/03/2002 -0800, you wrote:
> >The implications are very simple. With XSS, one can control a target user's
> >browser to make it do whatever they want it to do.
>
> Although that's true, many times, you just can execute code through specially
> crafted URLs. So, users aren't directly affected. I mean, the code you
> inject doesn't get executed as in normal forum CSS. You can use this kind
> of link in social engineering attacks, or are there more implications?

Having a bit of trouble understanding what you mean... but... I think you're right, some XSS attacks don't have to "directly" affect the user, but they manipulate them in some way. However, I still think this type of attack would be grouped as an implication of XSS.

Jeremiah Grossman
WhiteHat Security, Inc.
http://community.whitehatsec.com
This archive was generated by hypermail 2b30 : Mon Mar 18 2002 - 09:25:08 PST