Re: XSS LAB DEMO IDEAS
From: Fermín J. Serna (fjserna@ngsec.com)
Date: 01/08/03
- Previous message: Joe Luna: "PerlModule Apache::AuthDBI"
- Maybe in reply to: Jeremy Junginger: "XSS LAB DEMO IDEAS"
- Next in thread: Jeremy Junginger: "RE: XSS LAB DEMO IDEAS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 8 Jan 2003 20:06:42 +0000 (GMT) From: Fermín J. Serna <fjserna@ngsec.com> To: pen-test@securityfocus.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi:
You can also take a look at our WhitePaper:
- 11/19/2002 - iPlanet NG-XSS Vulnerability Analysis: This document
describes a new way to exploit Cross Site Scripting (XSS)
vulnerabilities. It uses an iPlanet XSS vulnerability as a case study.
Download it at: http://www.ngsec.com/ngresearch/ngwhitepapers/
It just describes the case of using a XSS to redirect admin browser
so it will exploit an open() perl bug in a protected (f.e. apaches's
.htaccess) area. In few words, authoritation bypass.
Best Regards,
- -
Fermín J. Serna @ NGSEC
Next Generation Security Technologies
http://www.ngsec.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6
iD8DBQE+HITZjqrDERN0jroRAr+SAJwIM0NC2lDMZFIaXjVE/UR1aoV2CwCgjQsR
2wk7Kqe+N5yyE1gVUdsjtKc=
=HaJd
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Next message: Jeremy Junginger: "RE: XSS LAB DEMO IDEAS"
- Previous message: Joe Luna: "PerlModule Apache::AuthDBI"
- Maybe in reply to: Jeremy Junginger: "XSS LAB DEMO IDEAS"
- Next in thread: Jeremy Junginger: "RE: XSS LAB DEMO IDEAS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
