2007-07-13

yet another cross site scripting exploit.

*as an oss web developer i have to be aware of online security.*

and, in this *shivers* web2.0 world, everyone should be. this latest exploit is not scary in and of itself, but because of its possibilities. this one comes thanks to rsnake over at ha.ckers.org.

clipped from ha.ckers.org
Ferruh Mavituna posted about a new tool he’s created to do XSS tunneling.
Ferruh’s is in .NET instead of server side scripts.

He built his tool to be a proxy, so that you could write other third party scanning tools that interface with it. So let’s say you’ve got Nikto, but you want your target to do the work for you. You can plug Nikto into this, use it like a proxy, and poof, the client is now under Nikto’s control, by way of XSS Tunneling, by way of JavaScript running on their browser. Crazy, but cool. Ferruh’s also got a nice writeup and video to go along with it. Very cool stuff!
