Penetration Testing: Re: WASC-Articles: 'DOM Based Cross Site Scripting or XSS of the Third Kind: A look at an overlooked flavor of XSS'


From: Tom Gallagher <tom_at_SecurityBugHunter.com>
Date: Mon, 11 Jul 2005 14:51:10 -0400

Nice write up. I think it is worth noting that this problem also impacts
local HTML content. For example, help files installed by programs to the
local hard disk. HTML content isn't just html files, but also CHM files and
binaries containing an HTML resource. Not many people pen-test local files
for XSS, but this can allow an attacker to elevate privilege into the My
Computer zone. This attack is documented in Writing Secure Code 2nd Ed.
pp418-420.

XSS bugs caused by client side script are often referred to as "Local XSS".

Tom

Quoting contact_at_webappsec.org:

> The Web Application Security Consortium is proud to present 'DOM Based
> Cross Site Scripting or XSS of the Third Kind: A look at an overlooked
> flavor of XSS' written by Amit Klein. In this article Amit focuses on a
> little known variant of Cross Site Scripting which attacks a user's
> client without sending malicious content to the web server.
>
>
> This document can be found at
> http://www.webappsec.org/projects/articles/071105.shtml .
>
> Regards,
>
> - Robert Auger
>
> articles_at_webappsec.org
> http://www.webappsec.org
>
> ------------------------------------------------------------------------------------
> Are you interested in writing a 'Guest Article' for the WASC? Additional
> information on article guidelines may be found at
> http://www.webappsec.org/articles/. Inquiries can be sent to
> articles_at_webappsec.org
>
> "Contributed articles may include industry best practices, technical
> information about current issues, innovative defense techniques, etc.
> NO VENDOR PITCHES OR MARKETING GIMMICKS PLEASE. We are only soliciting
> concrete information from the experts on the front lines of the web
> application security field."
> http://www.webappsec.org
> ------------------------------------------------------------------------------------
Received on Jul 11 2005
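
Added example (not part of the original post or the WASC article): a heuristic audit for the kind of local HTML content the reply mentions, flagging inline scripts that read URL-derived data and also write to an HTML or code sink. The source/sink lists, function names and sample pages are assumptions constructed for illustration.

```javascript
// Added example: heuristic audit of local HTML help content for DOM-based XSS.
// The source/sink lists are an illustrative subset, not a complete catalogue.
const SOURCES = /\b(?:document\.(?:URL|documentURI|referrer)|location(?:\.(?:href|hash|search))?)\b/;
const SINKS = /\bdocument\.write(?:ln)?\s*\(|\beval\s*\(|\.(?:innerHTML|outerHTML)\s*=(?!=)/;

// Constructed sample pages standing in for HTML extracted from an installed
// help set (loose .htm files, decompiled CHM topics, HTML resources).
const SAMPLE_PAGES = {
  "topic_unsafe.htm": `<html><body><script>
    var pos = document.URL.indexOf("topic=") + 6;
    document.write(document.URL.substring(pos));
  </script></body></html>`,
  "topic_safe.htm": `<html><body><h1 id="t"></h1><script>
    var topic = decodeURIComponent(location.hash.slice(1));
    document.getElementById("t").textContent = topic;
  </script></body></html>`,
  "static.htm": `<html><body><script>document.write("Help index");</script></body></html>`,
};

// Return the bodies of the inline <script> elements in an HTML string.
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  return Array.from(html.matchAll(re), (m) => m[1]);
}

// Flag a script that both reads URL-derived data and uses an HTML/code sink.
// This is pattern matching, not data-flow analysis: a hit means "review this".
function auditHtml(name, html) {
  const findings = [];
  inlineScripts(html).forEach((body, index) => {
    const source = body.match(SOURCES);
    const sink = body.match(SINKS);
    if (source && sink) {
      const sinkName = sink[0].replace(/^\./, "").replace(/\s*[(=]$/, "");
      findings.push({ file: name, script: index, source: source[0], sink: sinkName });
    }
  });
  return findings;
}

function auditAll(pages) {
  return Object.entries(pages).flatMap(([name, html]) => auditHtml(name, html));
}

console.log(auditAll(SAMPLE_PAGES));
```

Only topic_unsafe.htm is reported: topic_safe.htm reads the URL but assigns it through textContent, and static.htm writes a constant string.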
