Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Cross Site Scripting Vulnerabilities - XSS
From: "Jeff Williams" <jeff.williams () aspectsecurity com>
Date: Tue, 6 Aug 2002 11:08:40 -0400

Check out websleuth -- it takes a little work, but it can do what you
want. The technique is pretty simple -- send a few test tags into each
form field and then see if the responses contain the tag. If so, it's
vulnerable.  Not a terribly sophisticated test, but it'll do since in
most cases there's no reason not to filter out the tags.

http://www.geocities.com/dzzie/sleuth/

--Jeff

Jeff Williams
Aspect Security, Inc.
Securing the Last Mile of the Internet
www.aspectsecurity.com
Jeff.Williams () aspectsecurity com

----- Original Message -----
From: "Jason binger" <cisspstudy () yahoo com>
To: <pen-test () securityfocus com>
Sent: Sunday, August 04, 2002 1:52 AM
Subject: Cross Site Scripting Vulnerabilities - XSS


Has anyone on the list done much with testing for XSS
vulnerabilities?

Has anyone written a simple work program to test for
these vulnerabilities that they are happy to
distribute so others can do basic testing for these
vulnerabilities?

There a few papers out on this topic, but none that I
hve seen that really focus on the testing side of
things.

Thanks

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com

----------------------------------------------------------------------
------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]