Paper: Kr3w's Cross-Site Scripting Tutorial

Written by Kr3w

Tuesday, 15 May 2007

In this paper, Kr3w provides a very good tutorial about cross-site scripting (XSS).


Paper: Applying XSS to Phishing Attacks

Written by Nexus,

Thursday, 3 May 2007

In this paper, Nexus presents and explains the techniques and codes which are used by phishers who are knowledgeable about certain aspects of cross-site scripting (XSS) exploitation, in order to attack users or webmasters of websites that are vulnerable to XSS.


Paper: Preventing CSRF Attacks

Written by Petko D. Petkov,

Saturday, 31 March 2007

In this paper, Petko D. Petkov explains how CSRF attacks can be prevented using tokens in a web application.


Paper: Double Trap XSS Injection: An Analysis

Written by Aditya K Sood, Metaeye Security Group

Wednesday, 28 March 2007

In this paper, Aditya K Sood demonstrates the double trap XSS injection with the scope of determining a new class of XSS exploitation. The  target is SecTheory consultation website.


Paper: Overtaking Google Desktop

Written by Yair Amit, Danny Allan and Adi Sharabani, Watchfire

Saturday, 24 February 2007

A research whitepaper from Watchfire, has revealed a serious cross-site scripting vulnerability in Google Desktop. Malicious people can exploit this vulnerability to access sensitive data on  the attacked systems and in some cases take full control of them.


Paper: Anatomy of a "Pseudo-Reflective" Worm

Written by Kyran

Tuesday, 20 February 2007

Kyran wrote a paper on the anatomy of a "Pseudo-Reflective" worm, which he coded to target


1 2 3 4 5 


45884 total xss
14724 special xss
3026 fixed
5140 xss onhold
2814 EW subscribers

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.