Re: [Full-disclosure] excessive xss vulnerabilities



Interesting, a JS keylogger! You should use XMLHTTP to post the info...


A presentation by Jeremiah Grossman at Black Hat last year walked through installing a keylogger and using
AJAX (HTMLHTTP) to not only record what the user was doing, but also interactively feed them new payloads.

- zeno
http://www.cgisecurity.com/ Web Security news and More
http://www.cgisecurity.com/index.rss [RSS Feed]


________________________________

From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of
Christian Swartzbaugh
Sent: 09 May 2006 00:35
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] excessive xss vulnerabilities


there is a high volume of xss vulnerabilities on this list. take the
next step to disclose why xss is important for the affected program. for
instance, creating a test case that does something privileged or
malicious towards a visitor. in attempting to create a keystroke logger
in javascript i've found it drops random keystrokes (i think it's a speed
problem). and i would be interested in seeing more malicious javascript.


again please justify why xss is valuable in disclosures of these
vulnerabilities
even if it's just a cookie stealer, please show why an attacker would
want those cookies or how he/she could use them to create a security
issue.

thanks
feofil


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


