[WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)

arian.evans arian.evans at anachronic.com
Sun Jun 25 22:53:17 EDT 2006


 

> -----Original Message-----
> From: RSnake [mailto:rsnake at shocking.com] 

> time being, there are no efforts I am aware of, other than IE 
> appears to be breaking the JavaScript directive inside of images

Inside of images, or inside of image tags?

I still haven't found content type restrictions, and commonly
embed images that are really js/vbs that IE will still execute.

Haven't tried this on the newest IE 7 build either...think you
mentioned they were breaking this.

http://www.anachronic.com/xss

has a few silly sample files, nothing malicious, plan to put more
up if we ever release our payload packages.

-ae





----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list