[SECURITY-L] The Cross-site Scripting Virus
CSIRT - UNICAMP
security em unicamp.br
Qui Out 27 09:16:59 -02 2005
----- Forwarded message from Cristine Hoepers <cristine em cert.br> -----
From: Cristine Hoepers <cristine em cert.br>
Subject: [S] The Cross-site Scripting Virus
To: seguranca em pangeia.com.br
Date: Thu, 13 Oct 2005 09:12:05 -0300
[http://www.bindshell.net/papers/xssv.html]
The Cross-site Scripting Virus
Wade Alcorn
wade em bindshell.net
http://www.bindshell.net
Mini-Whitepaper
Last Edited: 28th September 2005
Version: 1.0.9
Copyright (c) 2005 Wade Alcorn
All Rights Reserved Worldwide
Abstract
This paper explores the new threat of cross-site scripting (XSS)
viruses. To date, cross site scripting has never been utilised to
generate viruses. These viruses are a new species which are platform
independent and not affected by common firewall configurations. XSS
viruses could have a significant impact for Internet continuity,
including distributed denial of service (DDOS) attacks, spam and
dissemination of browser exploits. This is particularly relevant with
the increasing sophistication of web browsers and the growing
popularity of web based applications such as Wikis and Blogs.
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L