Copyright © 2001,2002 eyeonsecurity
Inc., All Rights Reserved. No portions of eyeonsecurity
may be used without express, written permission
Bypassing JavaScript Filters: the Flash! Attack
A previously unpublished way to launch a cross-site scripting (CSS, also abbreviated XSS) attack against web applications that allow Flash content. Many sites may currently be vulnerable to this kind of attack.
This paper covers the following points:
- How cross-site scripting affects web applications and what major sites do to prevent this kind of attack
- Why what standard authorities describe as a solution to XSS is not always enough
- How to create a demonstration Flash document which launches XSS
- Examples of major sites which are vulnerable to this kind of attack
- Solutions to the issue
- DEMO pages!
Download Paper (requires a PDF viewer, e.g. Acrobat Reader)
View online version