Re: XSS LAB DEMO IDEAS

From: Fermín J. Serna (fjserna@ngsec.com)
Date: 01/08/03

    Date: Wed, 8 Jan 2003 20:06:42 +0000 (GMT)
    From: Fermín J. Serna <fjserna@ngsec.com>
    To: pen-test@securityfocus.com
    
    


    Hi:

    You can also take a look at our WhitePaper:

      - 11/19/2002 - iPlanet NG-XSS Vulnerability Analysis: This document
      describes a new way to exploit Cross Site Scripting (XSS)
      vulnerabilities. It uses an iPlanet XSS vulnerability as a case study.

    Download it at: http://www.ngsec.com/ngresearch/ngwhitepapers/

    It just describes the case of using an XSS to redirect the admin's browser
    so it will exploit an open() Perl bug in a protected (e.g. Apache's
    .htaccess) area. In a few words, authorization bypass.

    Best Regards,

    - -
    Fermín J. Serna @ NGSEC
    Next Generation Security Technologies
    http://www.ngsec.com

