Penetration Testing: Re: Exploiting XSS

["Adriel T. Desautels" <ad_lists () netragard com>]

Hi,
	You should forward your customers onto someone who knows the answers  
to those questions already. It frightens me to think that you are  
offering to provide security services to people when you don't know  
what it is that you are doing or why a risk is a risk.
On Dec 3, 2008, at 12:08 AM, Whitehat wrote:

> Dear List,
>
> I'm doing a WAPT for a website and found many XSS issues (both Stored
> and Reflected).
> I wanted to do more and show to the customer, apart from normal script
> injection  and  getting it popped up.
>
> Consider that u found an XSS issue in a field and your script is  
> running,
>  1. Now what are the further steps for exploiting XSS completely????
>  2. How an attacker can really make  use of  it?
>  3. How to Compromise ??
>  4. What are the real world scenarios can be used
>
> Looking for few good inputs/imlementations/expolits/ 
> BooKs ..............
> Thanks in advance,
>
> Cheers,
> White hat
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------
Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------