Penetration Testing mailing list archives

Re: Exploiting XSS
From: Ti <tabacco2000 () alice it>
Date: Fri, 12 Dec 2008 18:02:53 +0100

Whitehat wrote:
> I wanted to do more and show to the customer, apart from normal script
> injection and getting it popped up.


IMHO you need a good knowledge of client-side scripting languages,
especially JavaScript, to do more and more. Maybe also creativity.

Anyway there are tools that can help you for special effects:

 BeEF http://www.bindshell.net/tools/beef/

 Anehta http://code.google.com/p/anehta/

The first is present in BackTrack if you like it. I have never tried
the second...


> 2. How an attacker can really make use of it?


An example of the power of xss is Samy, an xss virus. In less than 24
hours it infected more than one million users. Nice.

 http://namb.la/popular/tech.html

In any case, to understand what you can do try to respond to this
question: "what can I do if I can inject some arbitrary client side code?".


> 3. How to Compromise ??


In some cases you can compromise the client, but not the server because
xss is a client side attack, of course :-)
You should think of xss as the thing that helps you to spread your
client side attacks. So to compromise you need also a great browser vuln.


> Looking for a few good inputs/implementations/exploits/books ..............


Some nice papers are:

- Cross Site Scripting Virus (http://www.bindshell.net/papers/xssv/)

- XSS Tunnelling
(http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf)

- I.P. Exploitation
(http://www.ngssoftware.com/research/papers/InterProtocolExploitation.pdf)


ciao,
        Francesco Matarazzo



