[WEB SECURITY] IP address change: relogin

Martin O'Neal martin.oneal at corsaire.com
Thu May 22 13:04:58 EDT 2008


> Well, looking at a simple XSS case, where the "attacker 
> gets the cookies", but not much more: they wouldn't find 
> it easy to spoof the IP address.

It would be an unusual injection point that allowed you enough mobile
code to do something interesting with the cookies, but to do no more. 

A few examples from my grandma and her eggs:

XSS Shell [http://www.securiteam.com/tools/6X00120HFO.html]
JavaScript XSS Scanner [http://www.gnucitizen.org/blog/javascript-xss-scanner/]

Martin...

