Re: XSS vulnerabiilty testing and impact

From: "Robert E. Lee" <robert@xxxxxxxxxxxxx>
Date: Thu, 27 Jul 2006 03:46:25 -0700

On Thu, 27 Jul 2006 09:33:50 +0800
"Rick Zhong" <sagiko@xxxxxxxxx> wrote:

My question is if the user inputs are not displayed to any other users
ANYWHERE in the application, what's the impact of this XSS
vulnerability? Or are we still consider this as an XSS vulnerability?
Can malicious intruders still take advantage of this?

Yes, it is still considered XSS by many (most?). It's usually only a real problem if the XSS is exploitable pre-authentication. If it is a pre-auth XSS, an attacker can use a phishing scenario to collect valid login credentials. This attack is greatly aided when the site also has SSL, as the user will be able to verify that they are indeed talking to https://www.theirrealbank.com... but the content of the page will be controlled by the attacker through the pre-auth XSS.

There are likely other bad scenarios, but that's the one I usually think of when I see it.

Robert

--
Robert E. Lee
Chief Security Officer
http://www.outpost24.com

phone: (949) 394-2033
fax : +46-(0)455-13960
email: robert@xxxxxxxxxxxxx

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------

References:
- XSS vulnerabiilty testing and impact
  - From: Rick Zhong

Prev by Date: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)
Next by Date: Re: [lists] RE: CS-Mars appliance
Previous by thread: Re: XSS vulnerabiilty testing and impact
Next by thread: RE: XSS vulnerabiilty testing and impact
Index(es):
- Date
- Thread

Relevant Pages

Re: [lists] Re: What to spend on a pentest
... Only the vulnerability test needs to be performed by a visa certified vulnerability tester. ... You'll notice the annual pen-test requirement in 11.3 doesn't specify that ... > Officer Information Systems Security infosysec.net ... You have an option to go with a managed service (Cenzic ...
(Pen-Test)
Re: [lists] Re: What to spend on a pentest
... The PCI standard does require a business obtain quarterly vulnerability ... You'll notice the annual pen-test requirement in 11.3 doesn't specify that ... > Officer Information Systems Security infosysec.net ... You have an option to go with a managed service (Cenzic ...
(Pen-Test)
Re: Vulnerability Assessment vs. PenTest
... They do most of the banner grabbing, hence, it is important for the security tester to have the experience and knowledge to identify which are false positives. ... Subject: Vulnerability Assessment vs. PenTest ... > Download FREE whitepaper on how a managed service can help ...
(Pen-Test)
Re: how an hacker can bypass a chrooted environement ?
... Although this specific vulnerability has been patched, ... Concerned about Web Application Security? ... Download FREE whitepaper on how a managed service can ...
(Pen-Test)
Re: Is there an Open Source Vulnerability Analysis Framework?
... Is there an Open Source Vulnerability Analysis Framework? ... end-to-end framework for security assessment. ... Download FREE whitepaper on how a managed service can ...
(Pen-Test)