Gee, you are right, my bad.
Related to the topic, there are other ways apart from
email to lure people and have an XSS in a URL executed
on their computers; blogs and bug tracking systems are
a good example.
You simply post a comment with a malicious URL; in
this case the malicious code is not executed just by
seeing the page but by clicking on a link (or
copy&paste in the case of a text link). Just one more step
than a regular XSS stored at the server side.
Definitely it is more complex since you have to "go
phishing", but it is still doable and dangerous.
Regards and sorry again,
JC
=There are many naive and desperate people out there=
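The distinction the thread keeps coming back to is a reflected XSS that lives only in the URL ("http://something.com/...?[XSS HERE]") versus one stored on the server. The following is an added example, not code from anyone in this thread: a hypothetical search page that reflects a `q` parameter, shown once in the vulnerable form and once with the untrusted value HTML-escaped before it reaches the page. The URL, the `q` parameter and the `example.test` host are constructed for the example.

```python
import html
from urllib.parse import urlsplit, parse_qs


def search_param(url):
    """Return the 'q' query parameter from a URL (empty string if absent).

    parse_qs also undoes percent-encoding, which is how the markup in a
    crafted link becomes plain '<' and '>' by the time it is reflected.
    """
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("q", [""])[0]


def render_vulnerable(url):
    # Reflects the parameter into the response unmodified: whatever markup
    # the link carries becomes part of the page the victim's browser renders.
    # Nothing is stored server-side; the payload exists only in this request.
    q = search_param(url)
    return "<html><body><h1>Results for: " + q + "</h1></body></html>"


def render_hardened(url):
    # Same page, but the untrusted value is escaped for an HTML text context
    # before insertion, so '<', '>', '&' and quotes arrive as entities and
    # are displayed as text rather than parsed as markup.
    q = search_param(url)
    return ("<html><body><h1>Results for: "
            + html.escape(q, quote=True)
            + "</h1></body></html>")


def reflects_markup(page, marker="<script>"):
    """Crude response check: is the marker present as live markup?"""
    return marker in page


# Constructed sample link of the "?[XSS HERE]" shape discussed in the thread.
CRAFTED_LINK = "http://example.test/search?q=%3Cscript%3Ealert(1)%3C/script%3E"
BENIGN_LINK = "http://example.test/search?q=cats"


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("hardened", render_hardened)):
        page = render(CRAFTED_LINK)
        print(f"{name:10s} reflects live <script>: {reflects_markup(page)}")
        print("  ", page)
```

The `reflects_markup` check is deliberately simple; it is enough to show that the hardened renderer turns the same link into harmless text while both renderers produce identical output for an ordinary query, which is the property a fix for this class of bug should preserve.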
--- v9 <v9_at_fakehalo.us> wrote:
> alright, folks, enough with the unrelated XSS
> stories, for the last time,
> i'm simply saying not all XSS are the same...i am
> talking about XSS that
> doesn't get saved on the server and has to be
> included in the url... i
> don't know how much more clear to make this.
>
> "http://something.com/...?[XSS HERE]" style.
>
> i'm quite aware of samy's myspace worm, good idea,
> however that is
> completely different from what i am and have been
> talking about.
>
> samy's worm was stored on the server and shown to
> all who viewed his
> myspace page. these kinds of XSS are in a url you'd
> have to create
> yourself, you wouldn't ever stroll across this, as
> you have to make it in
> the url to work.
>
> so as i said before, encoded/phishing (emails) is
> about the only possible
> use for these that i can see, and not even to a good
> extent (easier
> to just use the usual <A HREF> style misdirection,
> and has more options).
> if someone can tell me otherwise, post a RELATED
> reply. (i.e. in-url XSS)
>
>
> On Mon, 17 Apr 2006, Juan C Calderon wrote:
>
> > Hello,
> >
> > I want to share with you this information I got
> from
> > this same list back on April 5th. It is about a
> virus
> > created with an XSS at a myspace website (check
> the
> > list archives).
> >
> > Myspace.com - Intricate Script Injection
> Vulnerability
> > advisory
> > http://www.silent-products.com/advisory4.5.06.txt
> >
> > The myspace hack story
> > http://fast.info/myspace/
> >
> > There are very interesting links at the end of
> this
> > paper relating to XSS viruses and their
> differences
> > with traditional viruses.
> > http://www.bindshell.net/papers/xssv.html
> >
> > hope it is interesting to you, this is just a
> little
> > example of what an XSS can do,
> >
> > Cheers,
> > JC
> >
> > __________________________________________________
> > Correo Yahoo!
> > Space for all your messages, antivirus and
> antispam, free!
> > Sign up now - http://correo.espanol.yahoo.com/
> >
>
Received on Apr 18 2006