Re: Exploiting XSS



please see inline responses...

I'm doing a WAPT for a website and found many XSS issues (both Stored
and Reflected).
I wanted to do more and show to the customer, apart from normal script
injection and getting it popped up.

Consider that u found an XSS issue in a field and your script is running,

1. Now what are the further steps for exploiting XSS completely????

own the client

2. How an attacker can really make use of it?

owning the client

3. How to Compromise ??

client side attacks

4. What are the real world scenarios can be used


malware delivery, phishing, credental theft


Looking for few good inputs/imlementations/expolits/BooKs ..............


obviously you need them


Thanks in advance,

Cheers,
White hat


ummm... your realy a pentester?

















------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



Relevant Pages

  • RE: My Frustrations
    ... If you are not an intended recipient you ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • [Fwd: Re: My Frustrations]
    ... Subject: My Frustrations ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • RE: Pen testing web servers
    ... I haven't had any hands-on time with NTOspider so am ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • Re: OSCP
    ... I took the OSCP training earlier this year and thought it was fantastic. ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • Re: Cheat Sheets
    ... I am looking for cheat sheets that i can use during work and quick reference ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)