Home page logo
/

basics logo Security Basics mailing list archives

Paper: The Anatomy of Cross Site Scripting
From: Gavin Zuchlinski <gzuchlinski () pgsit org>
Date: Thu, 6 Nov 2003 16:20:02 -0500

Hi,
I recently wrote a paper about fully attacking cross site scripting:

"Cross site scripting (XSS) flaws are a relatively common issue in web 
application security, but they are still extremely lethal. They are unique in 
that, rather than attacking a server directly, they use a vulnerable server 
as a vector to attack a client. This can lead to extreme difficulty in 
tracing attackers, especially when requests are not fully logged (such as 
POST requests). Many documents discuss the actual insertion of HTML into a 
vulnerable script, but stop short of explaining the full ramifications of 
what can be done with a successful XSS attack.  While this is adequate for 
prevention, the exact impact of cross site scripting attacks has not been 
fully appreciated.  This paper will explore those possibilities."
The paper can be found at http://libox.net/xss_anatomy.php
(my apologies in advance about posting to multiple lists)

-Gavin
http://libox.net


---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Paper: The Anatomy of Cross Site Scripting Gavin Zuchlinski (Nov 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]