Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

XSS interrogations

from [Jeremy Saintot] Network Security [Permanent Link]
Subject: XSS interrogations
Date: Wed, 22 Aug 2007 16:51:15 +0200 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I have been wondering for a certain time what can be done concretely
with cross-site scripting. I mean, for example a Web
page on which I input an incorrect email address which results on a
page which says "your address [string entered] is invalid".

I can eventually generate a Javascript alert box containing my
own cookie, or things like that, but that does not have any
advantage for me.

I understand the interest to use XSS on message boards or others,
consultable by many people, but on simple pages like that, which I am
the only one to see? What can be done?

Thank you for your help ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzE1jb2WOwcVpNXURApHqAKCRYsYqyIH8d0MQ8ZP4UQZ7rhvIoQCfb6to
mZLy47G7PaN0zfowc0vn4Uk=
=1hoD
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bittorrent Data Port Probe, Paul Melson
Next by Date:  RE: AES-256 encryption, Dereck Martin
Previous by Thread:  Ping Script for Servers Keep Alive, jimmy wong
Next by Thread:  Re: XSS interrogations, Paul Sebastian Ziegler
Indexes:  [Date] [Thread] [Top] [All Lists]