[WEB SECURITY] XSS Impact

Chris Varenhorst varenc at mit.edu
Tue Jan 13 20:47:25 EST 2009


http://www.heise-online.co.uk/security/Paypal-phishing-via-cross-site-scripting--/news/74418
http://en.wikipedia.org/wiki/Samy_(XSS)

Do you count phishing as another exploit technique?

anyway, I'm sure there's plenty more.

On Tue, Jan 13, 2009 at 7:31 PM, Pete Lindstrom
<petelind at spiresecurity.com>wrote:

>  Greetings –
>
>
>
> I am trying to get my arms around the cross-site scripting vulnerability
> impact and can only come up with it as an enabler of other exploits. Can you
> give me your best (highest impact) examples of what an XSS vuln can do
> without combining with other exploit techniques?
>
>
>
> Thanks,
>
>
>
> Pete
>
>
>
> Pete Lindstrom
>
> Research Director
>
> Spire Security
>
> 610-644-9064
>
> blog: http://spiresecurity.typepad.com
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090113/871e36db/attachment.html>


More information about the websecurity mailing list