Re: XSS LAB DEMO IDEAS

From: Fermín J. Serna (fjserna@ngsec.com)
Date: 01/08/03

  • Next message: Jeremy Junginger: "RE: XSS LAB DEMO IDEAS"
    Date: Wed, 8 Jan 2003 20:06:42 +0000 (GMT)
    From: Fermín J. Serna <fjserna@ngsec.com>
    To: pen-test@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi:

    You can also take a look at our WhitePaper:

      - 11/19/2002 - iPlanet NG-XSS Vulnerability Analysis: This document
      describes a new way to exploit Cross Site Scripting (XSS)
      vulnerabilities. It uses an iPlanet XSS vulnerability as a case study.

    Download it at: http://www.ngsec.com/ngresearch/ngwhitepapers/

    It just describes the case of using a XSS to redirect admin browser
    so it will exploit an open() perl bug in a protected (f.e. apaches's
    .htaccess) area. In few words, authoritation bypass.

    Best Regards,

    - -
    Fermín J. Serna @ NGSEC
    Next Generation Security Technologies
    http://www.ngsec.com

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    Comment: Made with pgp4pine 1.75-6

    iD8DBQE+HITZjqrDERN0jroRAr+SAJwIM0NC2lDMZFIaXjVE/UR1aoV2CwCgjQsR
    2wk7Kqe+N5yyE1gVUdsjtKc=
    =HaJd
    -----END PGP SIGNATURE-----

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/