[WEB SECURITY] XSS Question
Robert A.
robert at webappsec.org
Thu Jun 23 12:22:07 EDT 2011
Certainly more than popup boxes are possible :) I would advise checking
out the following articles which explain abuse cases for XSS.
XSS FAQ
[1] http://www.cgisecurity.com/xss-faq.html#whatare
Worms and malware section
[2] http://projects.webappsec.org/w/page/13246920/Cross-Site-Scripting
XSS Wikipedia exploit scenarios section
[3] http://en.wikipedia.org/wiki/Cross-site_scripting#Exploit_scenarios
Regards,
- Robert
http://www.webappsec.org/
http://www.qasec.com/
> Hello,
> During a recent web pentest I found an input vulnerable to XSS. The developers have come back to me saying they resolved the issue, but upon retesting I found it still vulnerable to the following string: \";alert('XSS');//
> Just for my own education, can anything malicious be done with such a string, or is the extent of the damage a popup box (which is what I currently get)?
> Thank you,
> Jason
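
Why a fix can still fail against the string in the question, as an added example that is not part of the original thread. It assumes the input is written into a double-quoted JavaScript string literal and that the fix escaped only the quote character (the thread shows neither the page source nor the fix); all function names are hypothetical.

```javascript
// Added example, not code from the thread. Assumption: the server writes the
// input into an inline script as  var q = "<input>";  and the first fix escaped
// only double quotes. All function names here are hypothetical.

// Assumed incomplete fix: '"' becomes '\"', backslashes pass through untouched.
function escapeQuotesOnly(input) {
  return input.replace(/"/g, '\\"');
}

// Hardened encoder for a JavaScript string literal: every UTF-16 code unit
// outside [A-Za-z0-9] is emitted as \uXXXX, so quotes, backslashes, "<", "/"
// and line terminators cannot close the literal or the <script> element.
function encodeForJsString(input) {
  let out = '';
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : '\\u' + input.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// Reads `body` the way a JS parser reads the inside of a double-quoted literal
// and returns whatever follows the first unescaped quote (text that would be
// parsed as code), or null if the data never closes the literal.
function codeAfterLiteral(body) {
  for (let i = 0; i < body.length; i++) {
    if (body[i] === '\\') { i++; continue; } // backslash consumes next char
    if (body[i] === '"') return body.slice(i + 1);
  }
  return null;
}

// The string from the question, kept byte for byte.
const reported = String.raw`\";alert('XSS');//`;

function report() {
  return {
    quoteOnly: codeAfterLiteral(escapeQuotesOnly(reported)),
    hardened: codeAfterLiteral(encodeForJsString(reported)),
  };
}

console.log(report());
```

With the quote-only escape, the backslash supplied in the input pairs with the backslash the filter adds, leaving the quote unescaped. The hardened encoder leaves no literal quote or bare backslash in the output at all.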