Re: XSS LAB DEMO IDEAS

From: Loki (loki@fatelabs.com)
Date: 01/06/03

    From: "Loki" <loki@fatelabs.com>
    To: "Jeremy Junginger" <jj@act.com>, "pen-test" <pen-test@securityfocus.com>
    Date: Mon, 06 Jan 2003 09:41:12 -0800
    
    

    Recently having done this for my employer, what I did was
    comb the Bugtraq archives with keyword searches on XSS or
    cross-site vulnerabilities. After doing so you can
    identify software packages (PostNuke, apalachian web site,
    et al.) and the version #s of affected releases.

    After doing so, I set up a Linux box, MySQL, and the
    different vulnerable software packages that were
    identified and began to XSS away.

    Food for thought.

    Loki
    http://www.fatelabs.com

    On Mon, 6 Jan 2003 10:00:48 -0700
      "Jeremy Junginger" <jj@act.com> wrote:
    >After reading the papers by iDefense and the paper at
    >http://www.technicalinfo.net/papers/CSS.html , I would like to put a
    >working example together to familiarize our web developers with XSS
    >vulnerabilities and their impact on the web site (and business). I
    >would like to poll the group for interesting ways to demonstrate these
    >vulnerabilities in a lab environment. Thanks for taking the time to
    >give your input.
    >
    >-Jeremy
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus Security
    >Intelligence Alert (SIA)
    >Service. For more information on SecurityFocus' SIA
    >service which
    >automatically alerts you to the latest security
    >vulnerabilities please see:
    >https://alerts.securityfocus.com/
    >
