[TOOL] XSS Tunneling White Paper and Tool
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 11 Jul 2007 10:34:10 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
XSS Tunneling White Paper and Tool
------------------------------------------------------------------------
SUMMARY
DETAILS
XSS Tunneling is the tunneling of HTTP traffic through an opened XSS
Channel. Thus any application with HTTP proxy support can tunnel its
traffic through an XSS Channel (a channel opened by a tool like XSS
Shell).
The white paper explains XSS Tunneling, its benefits, real-world examples
and basic usage of the XSS Tunnel tool (a local HTTP proxy for tunneling).
XSS Tunneling Paper:
<http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf>
A Short Demonstration Video:
<http://ferruh.mavituna.com/blogs/xsstunnelling-video.zip>
The video shows the exploitation of a permanent XSS in WordPress and the
bypassing of Basic Auth on the fly with XSS Tunnel.
ADDITIONAL INFORMATION
The information has been provided by Ferruh Mavituna
<mailto:ferruh@xxxxxxxxxxxx>.
The original article can be found at:
<http://www.portcullis-security.com/16.php>