From: Jon Xmas (sapling@bsdmail.com)
Date: Thu Aug 23 2007 - 09:03:50 EDT
To see some of the techniques at work I suggest checking out reddragon Attack Api.
I believe some of the other big name XSS buffs contributed to another attack api but they called it black dragon which may actually do more but I dont have the link on me at the moment. Red Dragon has some cool functions built into it. Mainly its very harmless it just pulls information or embeds or crashes browsers and what not but all the functions are listed.
http://www.0x000000.com/hacks/reddragon.js
Ah just found the black dragon home page and as I said it has some of the big names involved. Rsnake and J Grossman both have added their input into this project as well as JUNGSONN PDP (GNUCITIZEN). So its a pretty sweet setup. http://blackdragon.jungsonnstudios.com/
> ----- Original Message -----
> From: "Paul Sebastian Ziegler" <psz@observed.de>
> To: "Jeremy Saintot" <jeremy.saintot@gmail.com>
> Subject: Re: XSS interrogations
> Date: Thu, 23 Aug 2007 08:29:21 +0200
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Just a rough sketch of what you can do with the different types of XSS.
>
> 1) You can grab those cookies. Make the JavaScript send them to you and
> you may be able to hijack the session or even the account
>
> 2) You can read stuff from the Webapp itself (Major consequences if
> sensitive data like billing information is shown)
>
> 3) You can deface the Webpage and spread false information by writing to
> the document.body.innerHTML element. (Works better with persistent XSS,
> but reflected does fine as well)
>
> 4) With persistent XSS in a big site you can run DoS-Attacks against
> smaller servers
>
> 5) You can surveil the user's behavior
>
> 6) XSS allows you to beat about any security mechanism that would
> normally prevent CSRF
>
> 7) You can actually hijack the user's browser and use it as a proxy for
> yourself. (http://www.portcullis-security.com/16.php)
>
> There is a lot more. And you can combine most of this.
> When asking "what could XSS do" it would be much easier to just consider
> "what could I possibly do with JavaScript?".
>
> Many Greetings
> Paul
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGzSk8aHrXRd80sY8RCnJqAKDzwI981ybG6RbxOTC4wh/UK9wUXACeJzRj
> 3g0ETxf2VDefJr6cSG8oIYY=
> =b1PF
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
-- _______________________________________________ Get your free email from http://bsdmail.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:03 EDT