Pantek Library

Re: XSS Questions

From: Mr. The Brain <slack3r(at)boy-genius.net>
Date: Wed Dec 11 2002 - 01:34:10 EST

Thus spake John Madden <chiwawa999@yahoo.com> On Sat, 7 Dec 2002 06:36:17 -0800 (PST):
> Hello all,
 

[clip]  

> What is the real vulnerability if the site in

Here's one possibility: if the script that's vulnerable to the XSS attack is using an HTTP GET method for input gathering, you can throw in all your JavaScript as part of the href in an anchor tag, so that it's not as easily noticeable, and send the link to an unwary user. Then make the JavaScript send you their document.cookie. For instance,

(A href="stupid_site.com/stupid.asp?var=<script>alert('xss');</script>") Fun and perfectly harmless link! (/a)

Send that to someone in an HTML email, AOL IM conversation, etc. and you'll probably get many unwary/ignorant people.


However, if stupid.asp uses an HTTP POST, you can just make a little page on a website with a form that exploits it through hidden values, as such,

(input type="hidden" name="var" value="<script>alert('xss');</script>")

which would be harder to detect. And, if you're feeling creative, you could even make it non-hidden, and add a JavaScript function to change the value of the input to whatever you want with an onSubmit trigger.

Just my thoughts on the issue. XSS is a lot of fun :-P. Best of luck.

-Bryan

  • application/pgp-signature attachment: stored
Received on Wed Dec 11 11:24:36 2002
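
Added example, not part of the original post or of any real site's code: a sketch of the server side of the message above, showing that a handler reflecting "var" is exposed the same way over GET and POST, and that output encoding at the point of reflection closes both. The handler functions, the page template and the cookie name are assumptions; the sample requests are constructed.

```javascript
// Hypothetical stand-in for the post's stupid.asp: it echoes the "var"
// request parameter back into the HTML response.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Read "var" from a GET query string or from a urlencoded POST body.
// Both arrive as attacker-controllable text; the method makes no difference.
function readVar(method, url, body) {
  const raw = method === 'POST' ? body : (url.split('?')[1] || '');
  return new URLSearchParams(raw).get('var') || '';
}

// Before: the value is reflected verbatim, so markup in it becomes markup in the page.
function renderVulnerable(v) {
  return `<p>You searched for: ${v}</p>`;
}

// After: the same template with the value encoded where it is written out.
function renderSafe(v) {
  return `<p>You searched for: ${escapeHtml(v)}</p>`;
}

// HttpOnly keeps the session cookie out of document.cookie. It limits what an
// injected script can read; it does not fix the reflection itself.
function sessionCookie(id) {
  return `session=${id}; HttpOnly; Secure; Path=/`;
}

// Constructed sample requests carrying the harmless alert string from the post.
const payload = "<script>alert('xss');</script>";
const getReq = { method: 'GET', url: '/stupid.asp?var=' + encodeURIComponent(payload), body: '' };
const postReq = { method: 'POST', url: '/stupid.asp', body: 'var=' + encodeURIComponent(payload) };

// Render each request both ways so the responses can be compared.
function demo() {
  return [getReq, postReq].map((r) => {
    const v = readVar(r.method, r.url, r.body);
    return { method: r.method, vulnerable: renderVulnerable(v), safe: renderSafe(v) };
  });
}

for (const r of demo()) console.log(r.method, '\n ', r.vulnerable, '\n ', r.safe);
```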

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT

