Ofer Shezaf ofer at shezaf.com
Wed Jan 14 02:05:57 EST 2009


The Web Hacking Incident Database lists real world web hacking incidents
broken by attack vector. You can find XSS incidents at
http://whid.xiom.com/whid-list/xss. For each incident the database lists the
outcome (i.e. impact) providing just the information you need.


~ Ofer


Ofer Shezaf

shezaf at xiom.com <mailto:ofer at shezaf.com> , +972-54-4431119


Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com

Chairman, OWASP Israel 

Leader, WASC Web Hacking Incidents Database Project


From: Pete Lindstrom [mailto:petelind at spiresecurity.com] 
Sent: Wednesday, January 14, 2009 2:32 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] XSS Impact


Greetings -


I am trying to get my arms around the cross-site scripting vulnerability
impact and can only come up with it as an enabler of other exploits. Can you
give me your best (highest impact) examples of what an XSS vuln can do
without combining with other exploit techniques?






Pete Lindstrom

Research Director

Spire Security


blog: http://spiresecurity.typepad.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090114/11b160e1/attachment.html>

More information about the websecurity mailing list