Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: XSS LAB DEMO IDEAS
From: Fermín J. Serna <fjserna () ngsec com>
Date: Wed, 8 Jan 2003 20:06:42 +0000 (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi:

You can also take a look at our WhitePaper:

  - 11/19/2002 - iPlanet NG-XSS Vulnerability Analysis: This document
  describes a new way to exploit Cross Site Scripting (XSS)
  vulnerabilities. It uses an iPlanet XSS vulnerability as a case study.

Download it at: http://www.ngsec.com/ngresearch/ngwhitepapers/

It just describes the case of using a XSS to redirect admin browser
so it will exploit an open() perl bug in a protected (f.e. apaches's
.htaccess) area. In few words, authoritation bypass.

Best Regards,

- -
Fermín J. Serna @ NGSEC
Next Generation Security Technologies
http://www.ngsec.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE+HITZjqrDERN0jroRAr+SAJwIM0NC2lDMZFIaXjVE/UR1aoV2CwCgjQsR
2wk7Kqe+N5yyE1gVUdsjtKc=
=HaJd
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]