Penetration Testing: RE: XSS LAB DEMO IDEAS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

RE: XSS LAB DEMO IDEAS

From: "Jeremy Junginger" <jj () act com>
Date: Wed, 8 Jan 2003 10:09:01 -0700

Thanks for the ideas, guys.  I'm running into a bit of technical
trouble, though.  Perhaps you could shed some light?

I now have a "victim" web server set up that I can test XSS on, and I
have also set up an "attacker" web server that basically sits there and
eats cookies via CGI, storing them to a local directory.  The next
question may seem very rudimentary, but can you just write those to your
user's "cookie" folder and "hijack" their session to the web site?  I
know I'm missing something ::scratching my head::

-Jeremy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

By Date By Thread

Current thread:

Re: XSS LAB DEMO IDEAS, (continued)
- Re: XSS LAB DEMO IDEAS Loki (Jan 06)
- Re: XSS LAB DEMO IDEAS Kevin Spett (Jan 06)
- Re: XSS LAB DEMO IDEAS Mark Curphey (Jan 06)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 07)
- Re: XSS LAB DEMO IDEAS Fermín J . Serna (Jan 08)
- RE: XSS LAB DEMO IDEAS Jeremy Junginger (Jan 08)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 10)