|
Penetration Testing
mailing list archives
Re: XSS LAB DEMO IDEAS
From: "Loki" <loki () fatelabs com>
Date: Mon, 06 Jan 2003 09:41:12 -0800
Recently having done this for my employer, what I did was
combed Bugtraq archives for keyword searches on xss or
cross-site vulnerabilities. After doing so you can
identify software packages (postnuke, apalachian web site,
et. al) and the version #s of affected releases.
After doing so, I setup a linux box, mysql, and the
different vulnerable software packages that were
identified and began to xss away.
Food for thought.
Loki
http://www.fatelabs.com
On Mon, 6 Jan 2003 10:00:48 -0700
"Jeremy Junginger" <jj () act com> wrote:
After reading the papers by iDefense and the paper at
http://www.technicalinfo.net/papers/CSS.html , I would
like to put a
working example together to familiarize our web
developers with XSS
vulnerabilities and their impact on the web site (and
business). I
would like to poll the group for interesting ways to
demonstrate these
vulnerabilities in a lab environment. Thanks for taking
the time to
give your input.
-Jeremy
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security
Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA
service which
automatically alerts you to the latest security
vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
|
Intro
