Hosting Provided By

XSS

From: John Madden <chiwawa999(at)yahoo.com>
Date: Tue Dec 10 2002 - 09:38:53 EST

Hello all,

Being new to XSS and seing alot of messages in the last couple weeks on the subject got me wondering...

What is the real vulnerability if the site in questions is vulnerable to XSS but does not let you write any malicious scripts on the system, like message board, forums etc... ? Can anything be done to exploit XSS if the above scenario occurs ? I know it depends on the web server, packages installed etc... I'm asking in generaly is it possible ?

You can do the document.cookie and view your cookie, that migth give a hint on the structure but... or redirect yourself to another web site :) etc...

I've read the document on XSS by David Endler http://www.idefense.com/papers.html but still have some questions.

If possible, can the XSS guru's on the list shed some light on the subject.

Thanks for your time,

Cheers

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Received on Tue Dec 10 09:59:30 2002

Do you need help?

This message: [ Message body ]
Next message: Andrew Jaquith: "Re: JSP Security - Limiting URL's"
Previous message: Ivan Ristic: "Apache module: mod_security"
Next in thread: Eyal Udassin: "RE: XSS"
Reply: Eyal Udassin: "RE: XSS"
Reply: Kevin Spett: "Re: XSS"
Reply: zeno: "Re: XSS"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT