Re: Can you exploit this XSS?

From: Robin (robin_at_technophobia.co.uk)
Date: 11/19/03

    Date: Wed, 19 Nov 2003 16:27:49 +0000
    To: Paul Johnston <paul@westpoint.ltd.uk>
    
    

    Just by virtue of being able to get script into the page it can be
    exploited. What can be gained from the exploit is dependent on what the
    app/site does.

    XSS is commonly used to collect session IDs so an attacker could gather
    those using this weakness.

    Robin

    Paul Johnston wrote:

    > Hi,
    >
    > While auditing a web app, I've found the site redirects not found
    > pages to a login screen. This contains an element like:
    >
    > <input type="hidden" name="tageturl" value="XXX">
    >
    > Now, the XXX bit is controlled by the user, and it seems the only
    > characters escaped are " and & - i.e.
    > <script>alert(document.cookie)</script> gets through (hence my tool
    > alerted me).
    >
    > Can this be exploited for XSS? I can't see how to immediately, but it
    > seems possible.
    >
    > Paul
    >

    -- 
    --------------------------------------------
    Robin Wood
    TechnoPhobia Limited
    --------------------------------------------
    Phone: +44 (0)114 2212123
    Fax: +44 (0)114 2212124
    Email: robin@technophobia.co.uk
    WWW: http://www.technophobia.com
    Registered in England and Wales Company No. 3063669
    VAT registration No. 5987858 42
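
An added example, not part of either poster's message: a regression check for the hidden field discussed in this thread, comparing the escaping Paul describes (only `"` and `&`) with full attribute encoding. The function names, the `quote` parameter and the two extra sample values are assumptions made for illustration, and Python's `html.parser` stands in for a browser's tokenizer.

```python
import html
from html.parser import HTMLParser

# The string quoted in the thread, plus two constructed sample values.
PAGE_STRING = "<script>alert(document.cookie)</script>"
APOSTROPHE = "/reports/o'brien?a=1&b=2"          # constructed
SAMPLES = [PAGE_STRING, APOSTROPHE, 'say "hi" <b>']  # last one constructed

def page_style_escape(value):
    """Escaping as described in the thread: only & and " are encoded."""
    return value.replace("&", "&amp;").replace('"', "&quot;")

def full_attr_escape(value):
    """Encode & < > " and ' so the value is safe in any quoted attribute."""
    return html.escape(value, quote=True)

def render_hidden(value, escape, quote='"'):
    """Render the hidden field; `quote` models the template's quote style."""
    return (f'<input type="hidden" name="tageturl" '
            f'value={quote}{escape(value)}{quote}>')

class _Collector(HTMLParser):
    """Records every start tag and any text the parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, attrs))
    def handle_data(self, data):
        self.text.append(data)

def stays_in_attribute(value, escape, quote='"'):
    """True if the markup parses to one <input> whose value is `value`."""
    parser = _Collector()
    parser.feed(render_hidden(value, escape, quote))
    parser.close()
    expected = [("input", [("type", "hidden"), ("name", "tageturl"),
                           ("value", value)])]
    return parser.tags == expected and not "".join(parser.text).strip()

if __name__ == "__main__":
    for name, esc in (("page-style", page_style_escape),
                      ("full", full_attr_escape)):
        for q in ('"', "'"):
            results = [stays_in_attribute(s, esc, q) for s in SAMPLES]
            print(f"{name:10} quote={q} -> {results}")
```

The check fails for the partial escaper as soon as the template's quote character is one it does not encode, which is why the full encoder is the one to keep in the rendering path.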
    
