I found an XSS vulnerability in a machine that allows the public access to only one locally hosted website. I reported the vulnerability; however, they don't seem to understand the vulnerability or consider it a threat. I believe I could access a web page on the open Internet or possibly the local machine. Does anyone know of code that would allow me to do this? Does anyone know of more powerful XSS exploit code? I am under the impression that the most damage that can be done is session hijacking and cookie theft. Does anyone know any good papers on XSS exploitation?