[WEB SECURITY] XSS caused by Greasemonkey userscript

Martin Johns martin.johns at gmail.com
Fri Dec 29 09:11:50 EST 2006


Hello all,

I think we all agree that browser add-ons may lead to additional
vulnerabilities in web apps that would otherwise be secure. I had some
time at my hands and looked into a couple of Greasemonkey userscripts.
I found an example where a userscript introduces new XSS holes in
various web applications. If you are interested, here is a short
writeup: http://shampoo.antville.org/stories/1537256/

Best
Martin

-- 
Martin Johns
http://www.informatik.uni-hamburg.de/SVS/personnel/martin/index.php

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list