steve jensen sjensen1207 at hotmail.com
Tue Jan 13 20:37:24 EST 2009

My favorite attack scenario is to spoof content, such as a login page, that would allow me to steal the user's credentials.
There are numerous things that can be accomplished, including stealing cookies, spoofing content, injecting a keylogger via a hidden iframe, etc.

From: petelind at spiresecurity.com
To: websecurity at webappsec.org
Date: Tue, 13 Jan 2009 19:31:45 -0500
Subject: [WEB SECURITY] XSS Impact

Greetings –
I am trying to get my arms around the cross-site scripting vulnerability impact and can only come up with it as an enabler of other exploits. Can you give me your best (highest impact) examples of what an XSS vuln can do without combining with other exploit techniques?
Pete Lindstrom
Research Director
Spire Security
blog: http://spiresecurity.typepad.com