Re: XSS Questions

From: Martin Wasson <martin_wasson(at)mastercard.com>
Date: Tue Dec 10 2002 - 13:24:40 EST

John,
The vulnerability is in that the server does not sanitize data it sends to the client. Sanitizing input notwithstanding, a server must sanitize its output to avoid this lawlessness. Otherwise an eville haxor can get your site to send your customer a link to his site, wherein your customer's box can unwittingly execute malicious code, and BOOM !! therefore divulge lots of sensitive data, e.g. username, password, SSN, home address, etc. Get it? BOOM !!....John Madden..... I kill me. So accepting user input doesn't matter in this situation...it's the output, bro.

Marty Wasson
Web Security Admin
Mastercard International
martin_wasson@mastercard.com

John Madden
12/07/02 08:36 AM
cc: (bcc: Martin Wasson/STL/MASTERCARD)
Subject: XSS Questions

Hello all,

Being new to XSS and seeing a lot of messages in the last couple weeks on the subject got me wondering...

What is the real vulnerability if the site in question is vulnerable to XSS but does not let you write any malicious scripts on the system, like message board, forums etc... ? Can anything be done to exploit XSS if the above scenario occurs ? I know it depends on the web server, packages installed etc... I'm asking in general, is it possible ?

Great you can do the document.cookie and view your cookie, that might give a hint on the structure but... or redirect yourself to another web site :) etc...

I've read the document on XSS by David Endler http://www.idefense.com/papers.html but still have some questions.

If possible, can the XSS gurus on the list shed some light on the subject?

Thanks for your time,

Cheers


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

Received on Tue Dec 10 16:36:52 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT
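
Added example, not part of the original thread: a minimal sketch of the point made in the reply, that a page which stores nothing can still reflect a request parameter into its output, and that encoding at the point of output is what removes the markup. The page template, the `q` parameter, the `shop.example` host and all function names are assumptions made up for illustration; the sample request is constructed and carries only a harmless marker element.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Hypothetical search results page; nothing is ever stored server-side.
PAGE = "<html><body><p>Results for: {term}</p></body></html>"


def _term(url):
    """Extract the (URL-decoded) 'q' parameter from a request URL."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(url):
    """Reflects 'q' verbatim into the response: the flaw under discussion."""
    return PAGE.format(term=_term(url))


def render_encoded(url):
    """Same page, with the value HTML-encoded where it is written out."""
    return PAGE.format(term=html.escape(_term(url), quote=True))


class TagCollector(HTMLParser):
    """Records every element an HTML parser would create from the page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(page):
    """Return the element names found in a rendered page, in order."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


# Constructed request: q decodes to <i id=probe>hello</i>, a benign marker.
SAMPLE_URL = "http://shop.example/search?q=%3Ci%20id%3Dprobe%3Ehello%3C%2Fi%3E"

if __name__ == "__main__":
    # The marker becomes a real element only in the unencoded response.
    print("unsafe :", tags_in(render_unsafe(SAMPLE_URL)))
    print("encoded:", tags_in(render_encoded(SAMPLE_URL)))
```

`html.escape` covers values placed in HTML element content and quoted attributes; values written into script blocks, URLs or CSS need the encoding that matches that context.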