XSS: a shadow of things to come
I have been fascinated by Guninski’s work. I feel he fathered client-side attack vectors, laying the foundation for what we see today. We will come back to this in a minute.
It's an interesting question, and one that I have thought quite a lot about:
"What can one actually do with XSS?"
At the moment, XSS attack vectors seem to be limited primarily to the browser. Even RSnake's exponential-xss-attacks blog entry seems to dwell solely on exploiting the browser.
Guninski's work focused not just on exploiting the browser but on exploring every avenue. He exploited MS Office packages, Internet Explorer, Microsoft Outlook and Windows Media Player, to name a few. Awesome, awesome stuff.
pdp and I took this work further by exploiting similar vulnerabilities in QuickTime, Flash, PDF, images, etc. We are just scratching the surface here.
In short, browser exploitation is all well and good, but with projects like Adobe's new Apollo, all hell is going to break loose. Web technologies will be seamlessly integrated with the desktop environment. XSS only scratches the surface.
Yes, as RSnake said, you can completely own the browser. Yes, XSS is powerful and bad! However, with a little creativity you can completely own the user's cyberlife through G-CSH ("Generic Client-Side Hacking") vulnerabilities. The focus needs to get out of the browser. There are so many possibilities here! We have only touched on what there is to find.
'Nuff said, it's bedtime.