Re: [Full-disclosure] on xss and its technical merit



you see you are arguing how useful xss can be for an attacker, but the point
of this argument is

1) how hard is it find xss in applications
2) how hard it is to successfully exploit the vulnerability

compared to other vulnerabilities xss is way down on the scale

i also believe this is what pdp wanted to argue as he believes xss is on the
same scale as other bugs following 1 and 2

On Nov 4, 2007 2:28 PM, <nexus@xxxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

reepex wrote:
1) XSS isnt techincal no matter how its used
I totally disagree with you.. isn't technical for those who cannot
realize how much powerful can be a xss, especially if persistent.

2) people who use xss on pentests/real hacking/anything but phishing are
lame and only use it because they cannot write real exploits (non-web)
or
couldnt find any other web bugs (sql injection, cmd exec,file include,
whatever)
Imho the pentesting will move day by day closer to web applications
flaws testing, since the web applications are self written by webmasters
and more exposed to possible bugs. Concerning sql inj or rfi are not
more difficult to be discovered..

3) XSS does not have a place on this list or any other security list and
i
remember when the idea of making a seperate bugtraq for xss was proposed
and
i still think it should be done.
Dunno about that, even if i agree that all the xss flaws found should
not be reported here, they would be too much.

4) if you go into a pentest/audit and all you get out is xss then its a
failed pentest and the customer should get a refund.
I don't agree with this too for the same reasons as before.

5) publishing xss shows your weakness and that you dont have the ability
to
find actual bugs ( b/c xss isnt a vuln its crap )
Imho a xss is a vuln as much as the others, since if used smartly could
get quite dangerous.

Reading a report from zone-h i read that the most effective hacking
cause it's the xss.. i don't know if i shall agree with this, but
obviously it should make us think about it.

bye

/nexus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHLitaVVYXVqV+ctMRAkcEAKCLXroIu80OemE/m/voaN4iczrJigCfTH3Q
EJOb41+Eex4lFNy1AHJ9xhE=
=ICJh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Evolution of Cross-Site Scripting Attacks
    ... It seems today that Cross-Site Scripting (XSS) holes in popular ... web applications are being discovered and disclosed at an ever- ... zeno of cgisecurity.com has also just released a great FAQ ...
    (Vuln-Dev)
  • Evolution of Cross-Site Scripting Attacks
    ... It seems today that Cross-Site Scripting (XSS) holes in popular ... web applications are being discovered and disclosed at an ever- ... zeno of cgisecurity.com has also just released a great FAQ ...
    (Bugtraq)
  • Re: [Full-disclosure] on xss and its technical merit
    ... making up a fake resume like i made a fake company so I ignored them... ... compared to other vulnerabilities xss is way down on the scale ... Imho the pentesting will move day by day closer to web applications ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking
    ... I have some questions about this report. ... This web site requires a login. ... Finally, your subject line says there is XSS, but your report does not ...
    (Bugtraq)