websecurity@lists.webappsec.org

The Web Security Mailing List


Cross-Application Scripting

MustLive
Mon, Oct 31, 2011 7:30 PM

Hello participants of the Mailing List.

In the middle of October, I published an article about such a class of XSS
vulnerabilities as Cross-Application Scripting (which has been known for a
long time). In comparison with other articles about this class of XSS (which
I've read), my article has a few advantages. Besides a laconic description of
XAS, I've presented a classification of XAS (its types) and given references
to two articles on this topic (for additional information), which were written
earlier and had a different view on this topic.

In the article Cross-Application Scripting (http://websecurity.com.ua/5438/)
I've briefly described this class of XSS vulnerabilities and written about the
types of XAS, the nuances of XAS and examples of XAS (such as Sophos Anti-Virus,
ICQ, SPIDynamics WebInspect, Gpedit and RSoP in Microsoft Windows).

Here is the table of contents.

  1. Types of Cross-Application Scripting.
  2. Nuances of Cross-Application Scripting.
  3. Examples of Cross-Application Scripting vulnerabilities.

In short, there are the following types of XAS: persistent XAS and reflected XAS.

I've also referenced two articles on this topic (which you can read for
additional information about XAS). The first is "Cross-application scripting"
(http://en.wikipedia.org/wiki/Cross-application_scripting) on Wikipedia (which
is a very small article, based on one piece of research from 2010 and without
references to previous works and articles, like the following 2005 article,
but besides XAS it also describes Cross-Application Request Forgery); the
second is QQLan's article (in Russian) "XSS - WEB = Cross-Applications
Scripting" (http://www.securitylab.ru/contest/212127.php), published in 2005.
Both of these articles have a different view on this topic, so for a better
understanding of XAS it's recommended to read both of them.

P.S.

Last week I published an article, Strictly social XSS (about a new class of
XSS, which I found in September 2007 and first presented in October 2007, and
since that time I've disclosed millions of Strictly social XSS holes in
different web applications and web sites). Soon I'll translate this article
and present it to you.

Best wishes & regards,
MustLive
http://soundcloud.com/mustlive
