Hehehe, think about the possibilities when you have the power to inject any
HTML/JavaScript you like in a webpage. Just take the Google XSS example from
that one site. A simple JavaScript source file was injected and it would
send back all the searched data to the hacker. Think about what you can use
that for: credit card/PayPal phishing? Stealing secure information? Ripping
cookie (document.cookie!!!) contents? I guess you could think of more
examples yourself. You basically set the point: people see XSS holes as pretty
harmless 'bugs' in their code but they should really be seen as high-risk
vulnerabilities.
----- Original Message -----
From: <v9_at_fakehalo.us>
To: <vuln-dev_at_securityfocus.com>
Sent: Wednesday, April 12, 2006 10:29 PM
Subject: Re: Sourceforge.net XSS
> Is it me, or do these XSS vulnerabilities not really count? I don't see a
> way this can be abused other than to yourself. In my book an XSS
> vulnerability must be stored on the server and displayed for others to
> view, otherwise what's the point? If I'm not getting the big picture,
> someone inform me... I don't mean to flame on you specifically, but I have
> seen a lot of these "XSS in the URL" dealios lately.
Received on Apr 12 2006