RE: XSS LAB DEMO IDEAS
From: Jeremy Junginger (jj@act.com)
Date: 01/08/03
- Previous message: Fermín J. Serna: "Re: XSS LAB DEMO IDEAS"
- Maybe in reply to: Jeremy Junginger: "XSS LAB DEMO IDEAS"
- Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: XSS LAB DEMO IDEAS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 8 Jan 2003 10:09:01 -0700 From: "Jeremy Junginger" <jj@act.com> To: "pen-test" <pen-test@securityfocus.com>
Thanks for the ideas, guys. I'm running into a bit of technical
trouble, though. Perhaps you could shed some light?
I now have a "victim" web server set up that I can test XSS on, and I
have also set up an "attacker" web server that basically sits there and
eats cookies via CGI, storing them to a local directory. The next
question may seem very rudimentary, but can you just write those to your
user's "cookie" folder and "hijack" their session to the web site? I
know I'm missing something ::scratching my head::
-Jeremy
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Next message: John Madden: "SQL Vulnerabilty Assesment"
- Previous message: Fermín J. Serna: "Re: XSS LAB DEMO IDEAS"
- Maybe in reply to: Jeremy Junginger: "XSS LAB DEMO IDEAS"
- Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: XSS LAB DEMO IDEAS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
