[WEB SECURITY] Local XSS

MustLive mustlive at websecurity.com.ua
Sun May 23 16:53:10 EDT 2010


Hello, participants of the mailing list.

Last week I wrote about a universal XSS vulnerability in Ad Muncher.
This week I published my new article and its English version, Local
XSS (http://websecurity.com.ua/4219/). It's a new type of Cross-Site
Scripting vulnerability, which I created in June 2006, when I found a
vulnerability in Ad Muncher.

Local XSS is Cross-Site Scripting vulnerabilities in local software (on
the user's computer, or in the local network), which lead to the appearance
of XSS vulnerabilities. I.e., these are XSS vulnerabilities which take place
not directly at the site, but in the user's local software, and which allow
attacking even those sites which may not have XSS vulnerabilities at all.

Table of contents:

1. Nuances of Local XSS.
2. Types of Local XSS.
3. Reflected local XSS.
4. Persistent local XSS.
5. Strictly social local XSS.
6. Example of Local XSS.

You can read the article Local XSS at my site:
http://websecurity.com.ua/4219/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

