Re: XSS interrogations

From: Paul Sebastian Ziegler (psz@observed.de)
Date: Thu Aug 23 2007 - 02:29:21 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Just a rough sketch of what you can do with the different types of XSS.

1) You can grab those cookies. Make the JavaScript send them to you and
you may be able to hijack the session or even the account

2) You can read stuff from the Webapp itself (Major consequences if
sensitive data like billing information is shown)

3) You can deface the Webpage and spread false information by writing to
the document.body.innerHTML element. (Works better with persistent XSS,
but reflected does fine as well)

4) With persistent XSS in a big site you can run DoS-Attacks against
smaller servers

5) You can surveil the user's behavior

6) XSS allows you to beat about any security mechanism that would
normally prevent CSRF

7) You can actually hijack the user's browser and use it as a proxy for
yourself. (http://www.portcullis-security.com/16.php)

There is a lot more. And you can combine most of this.
When asking "what could XSS do" it would be much easier to just consider
"what could I possibly do with JavaScript?".

Many Greetings
Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzSk8aHrXRd80sY8RCnJqAKDzwI981ybG6RbxOTC4wh/UK9wUXACeJzRj
3g0ETxf2VDefJr6cSG8oIYY=
=b1PF
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:03 EDT