Hosting Provided By

Re: XSS Tunnelling White Paper and Tool

From: Security Guy <security(at)sligoinc.com>
Date: Wed Jul 11 2007 - 08:57:26 EDT

This is very cool. This is a perfect example of an alternate means to exploit lazy admins :)

Consider a small/medium managed hosting company with public support forums. The forums aren't high on anyone's list to secure because they've got better things to do. Mallory discovers some exploits in the forum (or just un-checked HTML in postings) and posts an XSS described in the whitepaper into the forums. Bob, the admin browses the forums, gets infected and then browses to the admin interface of one of his customer's boxes. Mallory now has control over the managed server.

Better yet, embedded in a message to an HTML email client (to one of those services that doesn't sanitize properly). The possibilities are endless...

Thanks for the brilliant XSS demo tool.

On 7/10/07, Ferruh Mavituna <ferruh@mavituna.com> wrote:
> XSS Tunnelling is the tunnelling of HTTP traffic through an opened XSS
> Channel. Thus any application with HTTP proxy support can tunnel its
> traffic through an XSS Channel (a channel opened by a tool like XSS
> Shell).
>

--

Lasciate ogne speranza, voi ch'intrate

Received on Wed Jul 11 15:16:31 2007

This message: [ Message body ]
Next message: Andres Riancho: "TippingPoint detection bypass"
Previous message: James E. Jones: "0day linux 2.6 /dev/mem rootkit found"
In reply to: Ferruh Mavituna: "XSS Tunnelling White Paper and Tool"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 17:55:44 EDT