|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
XSS caused by Greasemonkey userscript
From: Martin Johns (martin.johns
gmail.com)
Date: Fri Dec 29 2006 - 08:11:50 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello all,
I think we all agree that browser add-ons may lead to additional
vulnerabilities in web apps that would otherwise be secure. I had some
time at my hands and looked into a couple of Greasemonkey userscripts.
I found an example where a userscript introduces new XSS holes in
various web applications. If you are interested, here is a short
writeup: http://shampoo.antville.org/stories/1537256/
Best
Martin
--
Martin Johns
http://www.informatik.uni-hamburg.de/SVS/personnel/martin/index.php
-------------------------------------------------------------------------
Sponsored by: Watchfire
Today's hackers exploit web applications to expose, embarrass and even
steal. Firewalls and SSL may be commonplace but recent studies indicate 3
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing
Challenges in Application Security" whitepaper, explains what to do and
provides a guideline to improving your own application security.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]