"If you claim that 'XSS is not a big deal', that means you never owned
something by using it, and that's your problem, not XSS's."
- Ferruh Mavituna, author of XSS Shell, XSS Tunnel and NetSparker
Cross-site Scripting is an interesting vulnerability. It is relatively
easy to discover in a penetration test, but demonstrating its impact
has always been tricky. So tricky, in fact, that it has pushed one of
the most creative groups of people in IT (penetration testers) into
using the most boring and misleading POC possible. Yes, you guessed it
right: the ubiquitous JavaScript alert() box. To break the monotony,
testers sometimes change the message being displayed, but that's as far
as it usually goes. It also has the nasty side effect of developers
blocking the word 'alert' in their code while 'eval' is let through.
In pentests XSS is usually considered a dead-end vulnerability:
you discover it, take a screenshot and move on to something else. It
cannot be exploited and used as a stepping stone to another attack,
because exploiting it would require attacking a user, and that is
something penetration testers aren't allowed to do; the contract, 9 out
of 10 times, only lets us attack the server or the application. That,
however, does not stop attackers in the real world from going so far as
taking over entire servers using a simple XSS.
The real impact of XSS is that an attacker can do anything that the
user can do with his session. Today I am releasing a tool that lets
you demonstrate this very impact with the same effort involved in
showing the alert box. Ladies and Gentlemen, I give you - Shell of the
Future.
Visit the link below for more information:
http://blog.andlabs.org/2010/07/shell-of-future-reverse-web-shell.html
--
You received this message because you are subscribed to the Google Groups
"nforceit" group.