Hosting Provided By

Re: XSS LAB DEMO IDEAS

From: Fermín J. Serna <fjserna(at)ngsec.com>
Date: Wed Jan 08 2003 - 15:06:42 EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi:

You can also take a look at our WhitePaper:

11/19/2002 - iPlanet NG-XSS Vulnerability Analysis: This document describes a new way to exploit Cross Site Scripting (XSS) vulnerabilities. It uses an iPlanet XSS vulnerability as a case study.

Download it at: http://www.ngsec.com/ngresearch/ngwhitepapers/

It just describes the case of using a XSS to redirect admin browser so it will exploit an open() perl bug in a protected (f.e. apaches's .htaccess) area. In few words, authoritation bypass.

Best Regards,

- Fermín J. Serna @ NGSEC Next Generation Security Technologies http://www.ngsec.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE+HITZjqrDERN0jroRAr+SAJwIM0NC2lDMZFIaXjVE/UR1aoV2CwCgjQsR 2wk7Kqe+N5yyE1gVUdsjtKc=
=HaJd
-----END PGP SIGNATURE-----

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Wed Jan 8 17:38:28 2003

Do you need help?

This message: [ Message body ]
Next message: Jeremy Junginger: "RE: XSS LAB DEMO IDEAS"
Previous message: Joe Luna: "PerlModule Apache::AuthDBI"
Maybe in reply to: Jeremy Junginger: "XSS LAB DEMO IDEAS"
In reply to cc_mofo(at)hushmail.com: "IIS 5.0 with Integrated Window Authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT