XSS Cross Protocol with Non-Standard Service Ports

Hi guys

I just read this post about a really different (and at the same time cool) way to execute XSS. However, it is still not clear to me.

I understand the full concept of an attack, but I don’t see how this could potentially be used. The action attribute inside the form should point to the ftp server (or any other server that reflects input), but this never happens.

Therefore, if you do not have another XSS hole for entering this form, this vulnerability cannot be exploited. My question is: is my conclusion that it cannot be used true, or am I missing something?

+5
3 answers

This can be used as follows.

  • MrCrim wants to steal the login of the one who uses victim.net
  • MrCrim notices that the victim has an FTP server running on an unusual port
  • MrCrim creates a form on his own website, evil.com
  • The form contains "ftp commands" in the form elements, and its post action points to the victim.
  • MrCrim writes a JS script that steals the document.cookie file from the site and places its script in the .js file on evil.com. This probably works, including the cookie string as part of the URL of the image source requested from evil.com.
  • One of the “ftp commands” in the MrCrim form is designed to write a small JS bit that the MrCrim cookie-stealing script executes
  • MrCrim entices people to look at evil.com by posting on forums and sending spam.
  • UnsuspectingUser , , evil.com. , .
  • UnsuspectingUser Bam! JS "" FTP-, UnsuspectingUser cookie .net evil.com.
  • Profit! :-)
+3
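
The steps in the answer above depend on the FTP service accepting a browser's form POST and echoing part of it back. As an added example (not part of the original answer), here is a Python sketch of the server-side check that breaks that chain: hang up when the peer is speaking HTTP, and never copy unrecognized input into a reply. The function names, the command subset, the port 2121 and the sample lines are assumptions constructed for illustration.

```python
import re

# An HTTP/1.x request line, e.g. b"POST / HTTP/1.1"
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/\d\.\d$")
# Headers a browser sends along with a form submission
HTTP_HEADER_LINE = re.compile(
    rb"^(host|user-agent|content-type|content-length|cookie|origin|referer):", re.I)

# Fixed reply: unrecognized input is never copied into the response
GENERIC_ERROR = b"500 Syntax error, command unrecognized.\r\n"
KNOWN_COMMANDS = frozenset({b"USER", b"PASS", b"NOOP", b"QUIT"})  # assumed subset

def looks_like_http(line: bytes) -> bool:
    line = line.rstrip(b"\r\n")
    return bool(HTTP_REQUEST_LINE.match(line) or HTTP_HEADER_LINE.match(line))

def handle_line(line: bytes):
    """Return (reply, keep_open) for one line on the control channel."""
    if looks_like_http(line):
        return b"", False           # peer is a browser: hang up, send nothing
    parts = line.split(None, 1)
    verb = parts[0].upper() if parts else b""
    if verb not in KNOWN_COMMANDS:
        return GENERIC_ERROR, True  # no echo of what was sent
    return b"200 Command okay.\r\n", True  # stand-in for real command handling

def run_session(lines):
    """Feed received lines through handle_line; return all bytes sent back."""
    sent = []
    for line in lines:
        reply, keep_open = handle_line(line)
        sent.append(reply)
        if not keep_open:
            break
    return b"".join(sent)

# Constructed sample: what a browser form POST looks like to the service
BROWSER_POST = [
    b"POST / HTTP/1.1\r\n",
    b"Host: victim.net:2121\r\n",
    b"Content-Type: multipart/form-data; boundary=x\r\n",
    b"\r\n",
    b"<b>reflected-marker</b>\r\n",
]

if __name__ == "__main__":
    print(run_session(BROWSER_POST))
    print(run_session([b"NOOP\r\n", b"<b>reflected-marker</b>\r\n"]))
```

With both checks in place the browser receives no response body from the service's origin, so there is nothing for it to render as HTML.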

, , FTP- , HTTP-. , . , , .

IE, , . . FTP , (21). . FTP- ( ) , -, , WebDAV.

0
  • , ,
  • FTP -
  • -, cookie. .

.

, , , FTP- .

0