Penetration Testing: Re: Re: XSS/CSRF to a real command-shell

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Re: XSS/CSRF to a real command-shell

From: bin4ry () theknetgroup org
Date: 29 Apr 2008 06:53:16 -0000

There are already some products available:


Securiteam has a xss shell to backdoor websites:

http://www.securiteam.com/tools/6X00120HFO.html

Then there is 

http://www.portcullis-security.com/16.php

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

By Date By Thread

Current thread:

XSS/CSRF to a real command-shell Joseph McCray (Apr 22)
- Re: XSS/CSRF to a real command-shell Robin Wood (Apr 23)
  - Message not available
    - Re: XSS/CSRF to a real command-shell Robin Wood (Apr 23)
- <Possible follow-ups>
- Re: Re: XSS/CSRF to a real command-shell bin4ry (Apr 29)