Re: Can you exploit this XSS?
From: Robin (robin_at_technophobia.co.uk)
Date: 11/19/03
- Previous message: Paul Johnston: "Can you exploit this XSS?"
- In reply to: Paul Johnston: "Can you exploit this XSS?"
- Next in thread: Paul Johnston: "Re: Can you exploit this XSS?"
- Reply: Paul Johnston: "Re: Can you exploit this XSS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Nov 2003 16:27:49 +0000
To: Paul Johnston <paul@westpoint.ltd.uk>
Just by virtue of being able to get script into the page it can be
exploited. What can be gained from the exploit is dependent on what the
app/site does.
XSS is commonly used to collect session IDs so an attacker could gather
those using this weakness.
Robin
Paul Johnston wrote:
> Hi,
>
> While auditing a web app, I've found the site redirects not found
> pages to a login screen. This contains an element like:
>
> <input type="hidden" name="tageturl" value="XXX">
>
> Now, the XXX bit is controlled by the user, and it seems the only
> characters escaped are " and & - i.e.
> <script>alert(document.cookie)</script> gets through (hence my tool
> alerted me).
>
> Can this be exploited for XSS? I can't see how to immediately, but it
> seems possible.
>
> Paul
>
--
--------------------------------------------
Robin Wood
TechnoPhobia Limited
--------------------------------------------
Phone: +44 (0)114 2212123
Fax: +44 (0)114 2212124
Email: robin@technophobia.co.uk
WWW: http://www.technophobia.com
Registered in England and Wales Company No. 3063669
VAT registration No. 5987858 42

The contents of this e-mail are confidential to the addressee and are intended solely for the recipient's use. If you are not the addressee, you have received this e-mail in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this e-mail are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All e-mail communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
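
A round-trip check for the attribute context discussed in this thread, added here as an example and not part of either poster's message: it renders the hidden field with a given escaper, parses the result, and reports whether the value stayed inside the `value` attribute. The escaper functions, the template, the second sample value, and the assumption that the two escaped characters are emitted as `&quot;` and `&amp;` are constructed for illustration.

```python
import html
from html.parser import HTMLParser

FIELD = "tageturl"  # field name exactly as written in the quoted message

def escape_none(value):
    return value  # baseline: value written into the page unchanged

def escape_as_described(value):
    # Assumption: the two characters the message says are escaped become entities.
    return value.replace("&", "&amp;").replace('"', "&quot;")

escape_full = html.escape  # also encodes < > and ' (quote=True is the default)

def render(value, escaper):
    # Constructed template modelled on the element quoted in the message.
    return '<form><input type="hidden" name="%s" value="%s"></form>' % (
        FIELD, escaper(value))

class Collector(HTMLParser):
    """Records every start tag and the decoded value of the hidden field."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.field_value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == FIELD:
            self.field_value = attrs.get("value")

def check(value, escaper):
    """Return (contained, tags): contained is True when the markup still has
    only form/input and the field decodes back to the original value."""
    parser = Collector()
    parser.feed(render(value, escaper))
    parser.close()
    contained = parser.tags == ["form", "input"] and parser.field_value == value
    return contained, parser.tags

# Constructed samples: the string from the message, and one with " and &.
SAMPLES = ["<script>alert(document.cookie)</script>", 'a"><i>marker</i>&x=1']

if __name__ == "__main__":
    for name, esc in (("none", escape_none), ("described", escape_as_described),
                      ("html.escape", escape_full)):
        for sample in SAMPLES:
            print(name, repr(sample), check(sample, esc))
```

Python's `html.parser` stands in for a browser's tokenizer here, so a passing result is a regression check on the encoder rather than a statement about how every browser parses the page.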