Monday, September 6, 2010

XSS Defeating PoC: if you have any time for experimentation

It's still in experimental state, if you find some time please try it and let me know of your experience.

Video Demo of the same PoC:

I was working on an XSS-Patch PoC, which I now feel works properly enough to prove its point.
It requires neither web developers to do any filtering/validation, nor any JavaScript-blocking add-on in the user's browser.

I'm not good at explaining, but I've tried to do so in the above-linked whitepaper.

The ZIP file can be extracted; it contains 'StartDemo.bat', which you run to start the server already patched with the XSS Subverting Module.
Then browse to 'http://localhost/tweet.htm' in any browser. It lets you submit any text to the server without validation, and the text is saved there exactly as it is. But when retrieved on 'Read...' it remains inactive for any
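The post does not say how the module keeps the stored text inactive on 'Read...'. The following is an added example, written for this page and not the author's module or the code in the ZIP, that reproduces the behaviour described above in the simplest defensible way: input is saved verbatim with no filtering, and neutralisation happens only at output time by HTML-escaping for the context the value lands in. The in-memory list, the form field name `text`, the `render`/`render_as_attribute` helper names and port 8000 are all assumptions of this example.

```python
import html
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# In-memory store standing in for the demo server's storage (assumption of
# this example). Submitted text is saved exactly as received: no filtering,
# no validation, no rewriting on the way in.
_tweets = []


def submit(text):
    """Save the submitted text verbatim and return its index."""
    _tweets.append(text)
    return len(_tweets) - 1


def read_raw(index):
    """Return the stored text as it was submitted, unchanged."""
    return _tweets[index]


def render(index):
    """Stored text as an HTML fragment in *element text* context.

    Escaping happens here, at output time only: '<', '>', '&', '"' and "'"
    become entities, so the browser treats the whole value as text and any
    tag or handler the submitter typed never becomes active markup.
    """
    return '<p class="tweet">' + html.escape(read_raw(index), quote=True) + "</p>"


def render_as_attribute(index):
    """Same value placed inside a quoted *attribute* context.

    quote=True is what makes this safe: a stray '"' in the input would
    otherwise close the attribute early and turn the rest into new attributes.
    """
    escaped = html.escape(read_raw(index), quote=True)
    return '<span data-tweet="' + escaped + '">tweet</span>'


def render_page(indexes):
    """Whole page: a submit form plus every stored tweet, escaped on output."""
    body = "\n".join(render(i) for i in indexes)
    return (
        '<!doctype html><html><head><meta charset="utf-8"></head><body>\n'
        '<form method="post"><input name="text"><button>Submit</button></form>\n'
        + body
        + "\n</body></html>"
    )


def contains_active_markup(fragment):
    """Crude self-check: does a script tag, a handler or a javascript: URL
    survive in the rendered output? After escaping it never should."""
    lowered = fragment.lower()
    return ("<script" in lowered) or ("onerror=" in lowered) or ("javascript:" in lowered)


class TweetHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for the demo's tweet page (assumption of this example)."""

    def do_GET(self):
        data = render_page(range(len(_tweets))).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        fields = parse_qs(self.rfile.read(length).decode("utf-8"))
        submit(fields.get("text", [""])[0])  # stored as-is, no validation
        self.send_response(303)
        self.send_header("Location", "/")
        self.end_headers()


if __name__ == "__main__":
    # Browse to http://localhost:8000/ and submit any text you like.
    HTTPServer(("localhost", 8000), TweetHandler).serve_forever()
```

The point the example makes is the same one the post makes: nothing is rejected or rewritten at submit time, the database holds exactly what was typed, and the page stays inert because encoding is applied at the moment of output, chosen for the context (element text versus attribute) the value is written into. Escaping for one context and reusing the result in another (for example inside a `<script>` block or a URL) is the usual way such a scheme fails, so each output location needs its own encoder.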

