Re: Exploiting XSS
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Fri, 5 Dec 2008 11:55:22 -0800
please see inline responses...

> I'm doing a WAPT for a website and found many XSS issues (both Stored
> and Reflected).
> I wanted to do more and show to the customer, apart from normal script
> injection and getting it popped up.
> Consider that you found an XSS issue in a field and your script is running,
> 1. Now what are the further steps for exploiting XSS completely????

own the client

> 2. How can an attacker really make use of it?

owning the client

> 3. How to Compromise ??

client side attacks

> 4. What are the real-world scenarios that can be used

malware delivery, phishing, credential theft

> Looking for few good inputs/implementations/exploits/books ..............

obviously you need them

> Thanks in advance,
> Cheers,
> White hat

ummm... you're really a pentester?
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
- References:
- Exploiting XSS
- From: Whitehat