[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] XSS Browser hijacking PoC?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] XSS Browser hijacking PoC?
From: Tim Brown <tmb@xxxxxxxxx>
Date: Mon, 16 Jun 2008 13:50:24 +0100

On Monday 16 June 2008 12:26:48 Hanno Böck wrote:
> Am Mittwoch 11 Juni 2008 schrieb Aaron Katz:
> > Several months ago, there was a post about a proof of concept for
> > complete browser hijacking via XSS.  IIRC, the hijacked browser would
> > periodically query a management server, and the management server would
> > track the hijacked browsers in a database.  The person controlling the
> > management server could then instruct the hijacked browsers to do his
> > bidding.
> >
> > The thing is, I can't find the tool.  I'm wondering if anyone still knows
> > where it is.
>
> BeEF? (google for it, according to german law I'm probably not allowed to
> post this link)

http://www.google.com/search?q=xssshell

Cheers,
Tim
-- 
Tim Brown
<mailto:tmb@xxxxxxxxx>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] XSS Browser hijacking PoC?
  - From: Aaron Katz

References:
- [Full-disclosure] XSS Browser hijacking PoC?
  - From: Aaron Katz
- Re: [Full-disclosure] XSS Browser hijacking PoC?
  - From: Hanno Böck

Prev by Date: Re: [Full-disclosure] XSS Browser hijacking PoC?
Next by Date: Re: [Full-disclosure] XSS Browser hijacking PoC?
Previous by thread: Re: [Full-disclosure] XSS Browser hijacking PoC?
Next by thread: Re: [Full-disclosure] XSS Browser hijacking PoC?
Index(es):
- Date
- Thread