|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: XSS - how to run script
From: Joshua Perrymon (josh.perrymon
purehacking.com)
Date: Thu Oct 19 2006 - 18:09:46 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> One of the best repositories of exotic ways to perform XSS
> (with or without evasion, with or without script tag) is the
> XSS cheat sheet:
> http://ha.ckers.org/xss.html
>>> I Agree 100%. I would look at the Cal9000 tool on the OWASP website.
http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
It uses Rsnakes XSS library and includes it in a Website/Tool/Scratchpad to
use during these APP tests. I put Cal9000 on the first version of the OWASP
Live CD but it won't be released for another Month. If you use it just make
sure your Browser is Firefox... It doesn't like Opera or others.
Cheers,
JP
Joshua Perrymon, CE|H,OPST,OPSA
Sr. Security Consultant
-----------------------------------------
Pure Hacking - The Leaders In Internet Security
> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of A. R.
> Sent: Friday, 20 October 2006 6:23 AM
> Cc: Penetration Testing; Web Application Security
> Subject: Re: XSS - how to run script
>
> One of the best repositories of exotic ways to perform XSS
> (with or without evasion, with or without script tag) is the
> XSS cheat sheet:
> http://ha.ckers.org/xss.html
>
> hth
>
> --
> icesurfer
>
> Tal Argoni wrote:
> > Does anyone have any
> > techniques/knowledge/examples/ideas/etc
> > of how it possible to run script
> > without using the <script> tag,
> > and without evasion techniques ?
> > <script
> > src=http://www.www.com/XSS.js></script>
> > Thanks allot
> > LegendaryZion
> >
> >
> >
> >
> ----------------------------------------------------------------------
> > --
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
> > 1600000008bOW
> >
> ----------------------------------------------------------------------
> > --
> >
> >
>
> --------------------------------------------------------------
> ----------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ?camp=701600000008bOW
> --------------------------------------------------------------
> ----------
>
>
>
>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC. Download a
free trial of AppScan today and see why more customers choose AppScan
then any other solution.
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTO
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]