Re: XSS vulnerabiilty testing and impact

From: Robert E. Lee (robert@outpost24.com)
Date: Thu Jul 27 2006 - 06:46:25 EDT

• Next message: Joey Peloquin: "Re: [lists] RE: CS-Mars appliance"
• Previous message: Robert E. Lee: "Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)"
• In reply to: Rick Zhong: "XSS vulnerabiilty testing and impact"
• Next in thread: Arian J. Evans: "RE: XSS vulnerabiilty testing and impact"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, 27 Jul 2006 09:33:50 +0800
"Rick Zhong" <sagiko@gmail.com> wrote:
> My question is if the user inputs are not displayed to any other users
> ANYWHERE in the application, what's the impact of this XSS
> vulnerability? Or are we still consider this as an XSS vulnerability?
> Can malicious intruders still take advantage of this?

Yes, it is still considered XSS by many (most?). It's usually only a real problem if the XSS is exploitable pre-authentication. If it is a pre-auth XSS, an attacker can use a phishing scenario to collect valid login credentials. This attack is greatly aided when the site also has SSL, as the user will be able to verify that they are indeed talking to https://www.theirrealbank.com... but the content of the page will be controlled by the attacker through the pre-auth XSS.

There are likely other bad scenarios, but that's the one I usually think of when I see it.

Robert

-- 
Robert E. Lee
Chief Security Officer
http://www.outpost24.com
 
phone: (949) 394-2033
fax  : +46-(0)455-13960
email: robert@outpost24.com
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Joey Peloquin: "Re: [lists] RE: CS-Mars appliance"
• Previous message: Robert E. Lee: "Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)"
• In reply to: Rick Zhong: "XSS vulnerabiilty testing and impact"
• Next in thread: Arian J. Evans: "RE: XSS vulnerabiilty testing and impact"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:25 EDT