Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: XSS interrogations

from [Jon Xmas] Network Security [Permanent Link]
Subject: Re: XSS interrogations
Date: Thu, 23 Aug 2007 21:03:50 +0800 
To see some of the techniques at work I suggest checking out reddragon Attack 
Api. 
I believe some of the other big name XSS buffs contributed to another attack 
api but they called it black dragon which may actually do more but I dont have 
the link on me at the moment. Red Dragon has some cool functions built into it. 
Mainly its very harmless it just pulls information or embeds or crashes 
browsers and what not but all the functions are listed.

http://www.0x000000.com/hacks/reddragon.js

Ah just found the black dragon home page and as I said it has some of the big 
names involved. Rsnake and J Grossman both have added their input into this 
project as well as JUNGSONN PDP (GNUCITIZEN). So its a pretty sweet setup. 
http://blackdragon.jungsonnstudios.com/

----- Original Message -----
From: "Paul Sebastian Ziegler" <psz@observed.de>
To: "Jeremy Saintot" <jeremy.saintot@gmail.com>
Subject: Re: XSS interrogations
Date: Thu, 23 Aug 2007 08:29:21 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Just a rough sketch of what you can do with the different types of XSS.

1) You can grab those cookies. Make the JavaScript send them to you and
you may be able to hijack the session or even the account

2) You can read stuff from the Webapp itself (Major consequences if
sensitive data like billing information is shown)

3) You can deface the Webpage and spread false information by writing to
the document.body.innerHTML element. (Works better with persistent XSS,
but reflected does fine as well)

4) With persistent XSS in a big site you can run DoS-Attacks against
smaller servers

5) You can surveil the user's behavior

6) XSS allows you to beat about any security mechanism that would
normally prevent CSRF

7) You can actually hijack the user's browser and use it as a proxy for
yourself. (http://www.portcullis-security.com/16.php)

There is a lot more. And you can combine most of this.
When asking "what could XSS do" it would be much easier to just consider
"what could I possibly do with JavaScript?".

Many Greetings
Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzSk8aHrXRd80sY8RCnJqAKDzwI981ybG6RbxOTC4wh/UK9wUXACeJzRj
3g0ETxf2VDefJr6cSG8oIYY=
=b1PF
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------







-- 
_______________________________________________
Get your free email from http://bsdmail.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Fast UDP scan, Robert E. Lee
Next by Date:  PHP hacking sites..., tenbatsui
Previous by Thread:  Re: XSS interrogations, Paul Sebastian Ziegler
Next by Thread:  HTTP Proxy for thick clients, Huan Chi
Indexes:  [Date] [Thread] [Top] [All Lists]