Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Exploiting XSS
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Fri, 5 Dec 2008 11:55:22 -0800

please see inline responses...

I'm doing a WAPT for a website and found many XSS issues (both Stored
and Reflected).
I wanted to do more and show to the customer, apart from normal script
injection  and  getting it popped up.

Consider that u found an XSS issue in a field and your script is running,

  1. Now what are the further steps for exploiting XSS completely????

own the client

  2. How an attacker can really make  use of  it?

owning the client

  3. How to Compromise ??

client side attacks

  4. What are the real world scenarios can be used


malware delivery, phishing, credental theft


Looking for few good inputs/imlementations/expolits/BooKs ..............


obviously you need them


Thanks in advance,

Cheers,
White hat


ummm... your realy a pentester?

















------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault