Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Exploiting XSS
From: "Ulisses Castro (thebug)" <uss.thebug () gmail com>
Date: Wed, 3 Dec 2008 15:14:37 -0200


You can find good stuff on OWASP:

In references you can find good stuff, also good stuff to show how
real world works. ;)

For real world case you can find nice walkthrough here:


Ulisses Castro (thebug)
uss.thebug () gmail com

On Wed, Dec 3, 2008 at 3:05 AM, Ravi Gopal <ravigopalt () gmail com> wrote:
Dear List,

I'm doing a WAPT for a website and found many XSS issues (both Stored and
I wanted to do more and show to the customer, apart from normal script
 injection  and  getting it popped up.

Consider that u found an XSS issue in a field and your script is running,

 1. Now what are the further steps for exploiting XSS completely????
 2. How an attacker can really make  use of  it?
 3. How to Compromise ??
 4. What are the real world scenarios can be used

Looking for few good inputs/imlementations/expolits/BooKs ..............

Thanks in advance,

White hat

This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]