- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
XSS Tunneling White Paper and Tool
------------------------------------------------------------------------
SUMMARY
DETAILS
XSS Tunneling is the tunneling of HTTP traffic through an opened XSS
Channel. Thus any application with HTTP proxy support can tunnel its
traffic through an XSS Channel (a channel opened by a tool like XSS
Shell).
White paper is explaining XSS Tunneling, benefits, real worlds examples
and basic usage of XSS Tunnel (a local HTTP proxy for tunneling) tool.
XSS Tunneling Paper:
<http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf>
http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf
A Short Demonstration Video:
<http://ferruh.mavituna.com/blogs/xsstunnelling-video.zip>
http://ferruh.mavituna.com/blogs/xsstunnelling-video.zip
Video shows to exploit a permanent XSS in wordpress and bypass Basic Auth
on the fly by XSS Tunnel.
ADDITIONAL INFORMATION
The information has been provided by <mailto:ferruh@mavituna.com> Ferruh
Mavituna.
The original article can be found at:
<http://www.portcullis-security.com/16.php>
http://www.portcullis-security.com/16.php
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment