WebApp Sec mailing list archives

Re: XSS
From: "Sverre H. Huseby" <shh () thathost com>
Date: Thu, 19 Dec 2002 21:27:25 +0100

[Matthew Miller]

|   First, there are really two types of XSS.  Persistent, where the
|   injected code is stored within the web application, such as in
|   distribution lists, databases, etc..., Transaction based,
|   requiring a user to perform an action in order to be affected,
|   such as click on a link, view a page with malicious script in it,
|   etc...

Sorry for answering this late...

I've come to call the latter "socially engineered XSS" (SEXSS? :) ),
as it most often will involve some kind of con in order to make the
user follow the link.  Is that a good name?


Sverre.

PS: I've just finished "The Art of Deception" by Kevin Mitnick.  I
    guess that's why I suddenly came up with the name.  An enjoyable
    book, BTW.

-- 
shh () thathost com             Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/        http://nerdquiz.thathost.com/

