[WEB SECURITY] XSS Impact

Ofer Shezaf ofer at shezaf.com
Wed Jan 14 02:05:57 EST 2009


 

The Web Hacking Incident Database lists real world web hacking incidents
broken by attack vector. You can find XSS incidents at
http://whid.xiom.com/whid-list/xss. For each incident the database lists the
outcome (i.e. impact) providing just the information you need.

 

~ Ofer

 

Ofer Shezaf

shezaf at xiom.com <mailto:ofer at shezaf.com> , +972-54-4431119

 

Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com

Chairman, OWASP Israel 

Leader, WASC Web Hacking Incidents Database Project

 

From: Pete Lindstrom [mailto:petelind at spiresecurity.com] 
Sent: Wednesday, January 14, 2009 2:32 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] XSS Impact

 

Greetings -

 

I am trying to get my arms around the cross-site scripting vulnerability
impact and can only come up with it as an enabler of other exploits. Can you
give me your best (highest impact) examples of what an XSS vuln can do
without combining with other exploit techniques?

 

Thanks,

 

Pete

 

Pete Lindstrom

Research Director

Spire Security

610-644-9064

blog: http://spiresecurity.typepad.com

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090114/11b160e1/attachment.html>


More information about the websecurity mailing list