[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] IP address change: relogin

From: "Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] IP address change: relogin
Date: Thu, 22 May 2008 18:04:58 +0100

> Well, looking at a simple XSS case, where the "attacker 
> gets the cookies", but not much more: they wouldn't find 
> it easy to spoof the IP address.

It would be an unusual injection point that allowed you enough mobile
code to do something interesting with the cookies, but to do no more. 

A few examples from my grandma and her eggs:

XSS Shell [http://www.securiteam.com/tools/6X00120HFO.html]
JavaScript XSS Scanner
[http://www.gnucitizen.org/blog/javascript-xss-scanner/]

Martin...


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

References:
- [WEB SECURITY] IP address change: relogin
  - From: Stephan Wehner
- Re: [WEB SECURITY] IP address change: relogin
  - From: Bil Corry
- Re: [WEB SECURITY] IP address change: relogin
  - From: Stephan Wehner

Prev by Date: Re: [WEB SECURITY] IP address change: relogin
Next by Date: Re: [WEB SECURITY] IP address change: relogin
Previous by thread: Re: [WEB SECURITY] IP address change: relogin
Next by thread: Re: [WEB SECURITY] IP address change: relogin
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site