Re: Sourceforge.net XSS



Gee, you are right, my bad.

Related to the topic, there are other ways apart from
email to lure people and have an XSS in a URL executed
at their computers; blogs and bug tracking systems are
a good example.

You simply post a comment with a malicious URL; in
this case the malicious code is not executed just by
seeing the page but by clicking on a link (or
copy & paste in the case of a text link). Just one more step
than a regular XSS stored at server side.

Definitely it is more complex since you have to "go
phishing", but still doable and dangerous.

Regards and sorry again,
JC

=There are many naive and desperate people out there=

--- v9 <v9@xxxxxxxxxxx> wrote:

> alright. folks, enough with the unrelated XSS stories, for the last time,
> i'm simply saying not all XSS are the same...i am talking about XSS that
> doesn't get saved on the server and has to be included in the url... i
> don't know how much more clear to make this.
>
> "http://something.com/...?[XSS HERE]" style.
>
> i'm quite aware of samy's myspace worm, good idea, however that is
> completely different from what i am and have been talking about.
>
> samy's worm was stored on the server and shown to all who viewed his
> myspace page. these kinds of XSS are in a url you'd have to create
> yourself, you wouldn't ever stroll across this, as you have to make it in
> the url to work.
>
> so as i said before, encoded/phishing (emails) is about the only possible
> use for these that i can see, and not even to a good extent (easier
> to just use the usual <A HREF> style misdirection, and has more options).
> if someone can tell me otherwise, post a RELATED reply. (ie. in-url XSS)


> On Mon, 17 Apr 2006, Juan C Calderon wrote:
>
> > Hello,
> >
> > I want to share with you this information I got from this same list
> > back on April 5th. It is about a virus created with an XSS at a
> > myspace website (check the list archives).
> >
> > Myspace.com - Intricate Script Injection Vulnerability advisory
> > http://www.silent-products.com/advisory4.5.06.txt
> >
> > The myspace hack story
> > http://fast.info/myspace/
> >
> > There are very interesting links at the end of this paper relating
> > to XSS viruses and their differences with traditional viruses.
> > http://www.bindshell.net/papers/xssv.html
> >
> > Hope it is interesting to you, this is just a little example of what
> > an XSS can do,
> >
> > Cheers,
> > JC
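
The distinction argued in this thread, as an added example that is not code from any of the posters: a page that reflects a URL parameter, the same page with output encoding, and a blog or bug-tracker comment renderer that carries the link. The host `something.example`, the `/search` path, the `q` parameter and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the "http://something.com/...?[XSS HERE]" shape from the
# thread, with a textbook marker payload percent-encoded in an assumed ?q=.
SAMPLE_URL = "http://something.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

def _query_value(url, name="q"):
    """Return the decoded value of one query parameter ('' if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]

def render_search_unsafe(url):
    """Target site, vulnerable: reflects the parameter into HTML unencoded."""
    return "<p>Results for: " + _query_value(url) + "</p>"

def render_search_safe(url):
    """Target site, fixed: HTML-encode the value at the point of output."""
    return "<p>Results for: " + html.escape(_query_value(url), quote=True) + "</p>"

def render_comment(text):
    """Blog / bug tracker: correctly escapes the comment body it stores."""
    return '<div class="comment">' + html.escape(text, quote=True) + "</div>"

if __name__ == "__main__":
    print(render_search_unsafe(SAMPLE_URL))   # markup from the URL reaches the page
    print(render_search_safe(SAMPLE_URL))     # same input rendered as inert text
    print(render_comment("details here: " + SAMPLE_URL))  # URL passes through intact
```

The comment renderer escapes its input correctly and still passes the URL through unchanged, because a percent-encoded URL contains no HTML metacharacters. The fix therefore belongs in the page that reflects the parameter, not in the site that hosts the link.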
