[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)

From: "arian.evans" <arian.evans@xxxxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
Date: Sun, 25 Jun 2006 21:53:17 -0500

 

> -----Original Message-----
> From: RSnake [mailto:rsnake@xxxxxxxxxxxx] 

> time being, there are no efforts I am aware of, other than IE 
> appears to be breaking the JavaScript directive inside of images

Inside of images, or inside of image tags?

I still haven't found content type restrictions, and commonly
embed images that are really js/vbs that IE will still execute.

Haven't tried this on the newest IE 7 build either...think you
mentioned they were breaking this.

http://www.anachronic.com/xss

has a few silly sample files, nothing malicious, plan to put more
up if we ever release our payload packages.

-ae





----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- RE: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
  - From: RSnake

References:
- Re: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
  - From: RSnake

Prev by Date: Re: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
Next by Date: RE: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
Previous by thread: Re: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
Next by thread: RE: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org