Xss Faq

Thread: Xss Faq

  1. #1
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884

    Xss Faq

    A good FAQ about Cross Site Scripting...

    http://www.cgisecurity.com/articles/xss-faq.shtml

    What else is there to say?
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    310
    hehe
    interesting..thanks
    script language="M$cript";
    function beginError(bsod) {
    return true; }
    onLoad.windows = beginError;

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Re: Xss Faq

    What else is there to say?

    This. Good post!

    And this

    Risk: High
    -------------------------
    http://www.finjan.com/mcrc/alert_show.cfm?attack_release_id=72

    OVERVIEW
    A new vulnerability in an MSN Chat ActiveX Control allows hackers to automatically execute arbitrary code by visiting a Web page or receiving HTML-enabled e-mail. Since the MSN Chat control utilizes the user's security configuration, the program would be able to take any action that the legitimate user is capable of taking. eEye Digital Security discovered this exploit, and it is published as follows: http://www.eeye.com/html/Research/Ad...D20020508.html. MSN Chat ActiveX Control allows users of MSN Chat, Messenger and Exchange Instant Messenger to group together in a single "space" to chat in real time. Microsoft has released a critical security patch.
    Local ActiveX Controls are already installed on the user's machine by one of these applications, therefore, attempting to block all ActiveX Controls via the firewall isn't effective. This exploit doesn't require a low security setting for the browser. The default browser setting (Medium) is enough to ensure the success of such an attack. All Internet Explorer users are potentially affected because this is a Microsoft-signed OCX. Users that have not installed Microsoft Messenger can be affected if they choose to launch the ActiveX that is signed by Microsoft. ActiveX Controls are powerful. You can try the following signed ActiveX demo: http://www.finjan.com/mcrc/demos/activex.cfm
    The combination of a low security setting for the browser and a computer with no MSN Chat Control leads to an automatic attack. Finjan Software predicts that this exploit will be used in the wild. Microsoft UA control has been used in the past to lower the MSOffice security setting.
    A very similar exploit was discovered a week ago in a Macromedia Flash ActiveX control by the same company. eEye Digital Security advisory can be found at: http://www.eeye.com/html/Research/Ad...D20020502.html
    Finjan Software strongly advises you to take proper precautions to protect yourself from this type of attack. All Internet Explorer users should install the update. Finjan Software products block this exploit, as any other violation performed by ActiveX Control.

    Firewall software or hardware at a network gateway protects private networks from network-based attacks by allowing or blocking network transactions but firewalls do not perform content inspection or behavior monitoring of code. Firewalls are a good line of defense for networks, but malicious code attacks on PCs can bypass firewalls very easily via the Web or e-mail.

    http://www.finjan.com/products/surfinguard.cfm to download the freeware
    I'm gone, thx everyone for so much fun and good info.
    Cheers and good bye

  4. #4
    Banned
    Join Date
    Mar 2002
    Posts
    520
    Awesome read.... I'm good at CSS and I dun find many guides/tut's about it often so thanks.

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    JRoc> just so you know, it's XSS, not CSS. CSS is Cascading Style Sheets. Since they both deal with websites, Cross Site Scripting was given the name XSS.

    kadeng> good find...
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  6. #6
    Banned
    Join Date
    Mar 2002
    Posts
    520
    Whoops... Sorry!
