Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

XSS caused by Greasemonkey userscript

from [Martin Johns] Network Security [Permanent Link]
Subject: XSS caused by Greasemonkey userscript
Date: Fri, 29 Dec 2006 15:11:50 +0100 
Hello all,

I think we all agree that browser add-ons may lead to additional
vulnerabilities in web apps that would otherwise be secure. I had some
time at my hands and looked into a couple of Greasemonkey userscripts.
I found an example where a userscript introduces new XSS holes in
various web applications. If you are interested, here is a short
writeup: http://shampoo.antville.org/stories/1537256/

Best
Martin

--
Martin Johns
http://www.informatik.uni-hamburg.de/SVS/personnel/martin/index.php

-------------------------------------------------------------------------
Sponsored by: Watchfire

Today's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper, explains what to do and provides a guideline to improving your own application security. Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • XSS caused by Greasemonkey userscript, Martin Johns <=
Previous by Date:  Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns
Next by Date:  Fierce domain scan released, RSnake
Previous by Thread:  ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein
Next by Thread:  Fierce domain scan released, RSnake
Indexes:  [Date] [Thread] [Top] [All Lists]