[WEB SECURITY] XSS Impact

steve jensen sjensen1207 at hotmail.com
Tue Jan 13 20:37:24 EST 2009


My favorite attack scenario is to spoof content, such as a login page, that would allow me to steal the user's credentials.
 
There are numerous things that can be accomplished, including stealing cookies, spoofing content, injecting a keylogger via a hidden iframe, etc.



From: petelind at spiresecurity.com
To: websecurity at webappsec.org
Date: Tue, 13 Jan 2009 19:31:45 -0500
Subject: [WEB SECURITY] XSS Impact



Greetings –
 
I am trying to get my arms around the cross-site scripting vulnerability impact and can only come up with it as an enabler of other exploits. Can you give me your best (highest impact) examples of what an XSS vuln can do without combining with other exploit techniques?
 
Thanks,
 
Pete
 
Pete Lindstrom
Research Director
Spire Security
610-644-9064
blog: http://spiresecurity.typepad.com
 
 