Quote Originally Posted by The-Spec
But the browsers aren't doing anything outside of what they're designed for. It's more of a flaw in web applications.
This is essentially what I'm saying... the flaw exists in the web application (occasionally the web server... the Trace/Expect headers (for example) have both been known to be vulnerable to XSS).

I see the web application as being remote though... it's not usually considered a local application.

Nokia: What if the target is your home computer, and the attack is a DoS... following what you said there, I'd think you'd call it local (however I know you wouldn't)... The "XSS 'script'" as you put it is just JavaScript... a browser is supposed to execute that... there's no vulnerability/exploit introduced at that stage.

nihil: I would say on a LAN/WAN is still remote in the same way that the internet is... Because if you took the vulnerable web app on your LAN and placed it on the internet, the XSS would still exist...