websecurity@lists.webappsec.org

The Web Security Mailing List


Advantages of attacks on sites with using other sites and Using of tags frameset and iframe for conducting XSS attacks

MustLive
Sun, Jun 16, 2013 11:44 PM

Hello participants of Mailing List.

Recently I wrote new articles. I'll tell you briefly about two of my
articles (from 2010 and 2013) concerning the advantages of attacks on sites
using other sites and the use of the frameset and iframe tags for conducting
XSS attacks. These topics should be interesting for you (especially for those
who haven't read them before).

  1. Advantages of attacks on sites with using other sites.
    http://websecurity.com.ua/4562/

In this article I described the advantages of different attacks on web
sites using other sites (which I described in three previous
articles). I didn't write to you about it earlier, so I am doing it now. In the
article I described the advantages for DoS attacks, DDoS attacks and sending
spam via other sites.

In 2010 I wrote about DoS and DDoS attacks via other sites and sending spam
via other sites in my articles:

Using of the sites for attacks on other sites
http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html
http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-June/006761.html
DDoS attacks via other sites execution tool (DAVOSET)
http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006832.html
Sending spam via sites and creating spam-botnets
http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html

In particular, in the second article I wrote about DDoS attacks using many
other sites as zombie-servers and presented my tool DAVOSET to you. Remind
yourself of these articles, since I'll write on this topic soon.

  2. Using of tags frameset and iframe for conducting XSS attacks.
    http://websecurity.com.ua/6561/

In this article I described non-standard uses of the frameset and
iframe tags for conducting XSS attacks, which I found back on 08.09.2008,
during my research of vulnerabilities in browsers. My attack methods
using these tags are not well known; in particular, they are not
presented in the famous XSS Cheat Sheet by RSnake (neither in 2008 nor in 2013).
Earlier RSnake hosted it at his site, but recently he moved it to the XSS Filter
Evasion Cheat Sheet at the OWASP web site.

My techniques can be used to bypass restrictions (in some browsers) which
apply to the old methods of XSS attacks with frameset and iframe tags,
and for conducting XSS attacks that bypass security filters and WAFs
which are not aware of it.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
