[WEB SECURITY] XSS Question
Chintan Dave
davechintan at gmail.com
Thu Jun 23 15:16:35 EDT 2011
XSS with msf's autopwn feature and a bit of social engineering - boom you have a shell :)
Sorry for brevity, sent from my iPod,
Thanks,
Chintan
On 23-Jun-2011, at 9:45 PM, Jason Drury <druryjason at yahoo.com> wrote:
> Hello,
>
> During a recent web pentest I found an input vulnerable to XSS. The developers have come back to me saying they resolved the issue, but upon retesting I found it still vulnerable to the following string: \";alert('XSS');//
>
> Just for my own education, can anything malicious be done with such a string or is the extent of the damage a popup box (which is what I currently get).
>
> Thank you,
> Jason
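Added example, not part of the original thread or written by either poster: one way the retest string quoted above can survive a fix, next to an encoder that holds. It assumes the input is reflected inside a double-quoted JavaScript string literal and that the fix only backslash-escaped double quotes; the thread states neither, and every function name here is hypothetical.

```javascript
// Retest string from the thread, kept byte-for-byte with String.raw.
const payload = String.raw`\";alert('XSS');//`;

// Constructed model of a template that reflects input into a JS string literal.
function render(escapeFn, input) {
  return 'var q = "' + escapeFn(input) + '";';
}

// Assumed incomplete fix: escapes double quotes but leaves backslashes alone,
// so the attacker's own backslash neutralises the one the filter adds.
function naiveEscape(s) {
  return s.replace(/"/g, '\\"');
}

// Hardened encoder: everything except letters, digits and space becomes \uXXXX,
// which also covers backslash, both quote types, '<' and '/'.
function jsStringEscape(s) {
  return s.replace(/[^A-Za-z0-9 ]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Minimal scanner: walk the first string literal honouring backslash escapes
// and return whatever the JS parser would treat as code after it.
function codeAfterLiteral(stmt) {
  let i = stmt.indexOf('"') + 1;
  for (; i < stmt.length; i++) {
    if (stmt[i] === '\\') { i++; continue; } // skip the escaped character
    if (stmt[i] === '"') break;              // unescaped quote ends the literal
  }
  return stmt.slice(i + 1);
}

// True when nothing but the template's own ';' follows the literal.
function staysInsideLiteral(escapeFn, input) {
  return codeAfterLiteral(render(escapeFn, input)) === ';';
}

console.log('naive   :', render(naiveEscape, payload));
console.log('hardened:', render(jsStringEscape, payload));
console.log('naive contained?   ', staysInsideLiteral(naiveEscape, payload));
console.log('hardened contained?', staysInsideLiteral(jsStringEscape, payload));
```

The encoder has to match the context the value lands in: this one is for JavaScript string literals only, and a value reflected into HTML body text or an attribute needs the encoder for that context instead.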