Re: [Full-disclosure] on xss and its technical merit
- To: coderman <coderman@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] on xss and its technical merit
- From: Byron Sonne <blsonne@xxxxxxxxxx>
- Date: Wed, 12 Dec 2007 09:48:07 -0500
coderman wrote:
> so perhaps "xss should be discussed much less" is the only
> concrete thing we all agree on?
FTW
It's pretty obvious that finding XSS has a low entrance barrier; this
explains its popularity. It's just not very impressive. At the same
time, if finding an xss gets some kid interested in security, then I
suppose it can't be all bad.
In any case, Wikipedia has something interesting on this. I never
thought about how to categorize them, but then again, I usually start
vomiting from boredom at the mere sight of the word 'xss' in a subject line.
From http://en.wikipedia.org/wiki/Xss, take it as you will:
Type 0
This form of XSS vulnerability has been referred to as DOM-based or
Local cross-site scripting, and while it is not new by any means, a
recent paper (DOM-Based cross-site scripting) does a good job of
defining its characteristics. With Type 0 cross-site scripting
vulnerabilities, the problem exists within a page's client-side script
itself.
Type 1
This kind of cross-site scripting hole is also referred to as a
non-persistent or reflected vulnerability, and is by far the most common
type. These holes show up when data provided by a web client is used
immediately by server-side scripts to generate a page of results for
that user. If unvalidated user-supplied data is included in the
resulting page without HTML encoding, this will allow client-side code
to be injected into the dynamic page.
Type 2
This type of XSS vulnerability is also referred to as a stored or
persistent or second-order vulnerability, and it allows the most
powerful kinds of attacks. It is frequently referred to as HTML
injection. A type 2 XSS vulnerability exists when data provided to a web
application by a user is first stored persistently on the server (in a
database, filesystem, or other location), and later displayed to users
in a web page without being encoded using HTML entities.
Cheers,
B
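Added example, not from Byron's post or from the quoted Wikipedia text: the HTML-entity encoding that the Type 1 and Type 2 definitions above name as the missing step, shown for a reflected path and a stored path. Function names, the in-memory comment store and the sample input are assumptions constructed for the example; it runs under Node.js with no dependencies.

```javascript
// Encode the five characters that can change HTML structure or close a
// quoted attribute value. Correct for text nodes and quoted attributes;
// other contexts (URLs, inline script) need their own encoders.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Type 1 (reflected): a request parameter is used immediately to build
// the response. With encode=false the page is assembled exactly as the
// Wikipedia text warns against; with encode=true the data stays data.
function renderSearch(query, { encode }) {
  const q = encode ? escapeHtml(query) : query;
  return `<h1>Results for "${q}"</h1><input value="${q}">`;
}

// Type 2 (stored): data is saved first and rendered later, possibly to
// other users. Encode at output time, not at storage time, so the stored
// copy stays intact and every rendering path applies the same rule.
const comments = []; // constructed in-memory stand-in for a database
function storeComment(text) {
  comments.push(text);
}
function renderComments({ encode }) {
  return '<ul>' +
    comments.map((c) => `<li>${encode ? escapeHtml(c) : c}</li>`).join('') +
    '</ul>';
}

// Constructed sample input: harmless markup that must render as literal
// text. Unencoded it becomes a real tag; encoded it is displayed verbatim.
const sample = '"><b>not bold</b>';
console.log(renderSearch(sample, { encode: false }));
console.log(renderSearch(sample, { encode: true }));
```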
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/