On Wed, Dec 3, 2008 at 3:05 AM, Ravi Gopal <ravigopalt (at) gmail (dot) com [email concealed]> wrote:
> Dear List,
>
> I'm doing a WAPT for a website and found many XSS issues (both Stored and
> Reflected).
> I wanted to do more and show to the customer, apart from normal script
> injection and getting it popped up.
>
> Consider that u found an XSS issue in a field and your script is running,
>
> 1. Now what are the further steps for exploiting XSS completely????
> 2. How an attacker can really make use of it?
> 3. How to Compromise ??
> 4. What are the real world scenarios can be used
>
> Looking for few good inputs/imlementations/expolits/BooKs ..............
>
> Thanks in advance,
>
> Cheers,
> White hat
>
You can find good stuff on OWASP:
http://www.owasp.org/index.php/Testing_for_Cross_site_scripting
In references you can find good stuff, also good stuff to show how
real world works. ;)
For real world case you can find nice walkthrough here:
http://packetstormsecurity.org/papers/web/xss-walkthrough.txt
Cheers,
--
Ulisses Castro (thebug)
http://ulissescastro.wordpress.com
uss.thebug (at) gmail (dot) com [email concealed]
On Wed, Dec 3, 2008 at 3:05 AM, Ravi Gopal <ravigopalt (at) gmail (dot) com [email concealed]> wrote:
> Dear List,
>
> I'm doing a WAPT for a website and found many XSS issues (both Stored and
> Reflected).
> I wanted to do more and show to the customer, apart from normal script
> injection and getting it popped up.
>
> Consider that u found an XSS issue in a field and your script is running,
>
> 1. Now what are the further steps for exploiting XSS completely????
> 2. How an attacker can really make use of it?
> 3. How to Compromise ??
> 4. What are the real world scenarios can be used
>
> Looking for few good inputs/imlementations/expolits/BooKs ..............
>
> Thanks in advance,
>
> Cheers,
> White hat
>
[ reply ]