Just reading up on XSS (cross-site scripting) attacks on web sites.
I ran across XSS-Shell, which was linked from a few newsgroup postings where users were blatantly asking questions about how to hijack a web site using basic authentication and steal passwords. Some information was posted by securiteam.com about XSS-Shell:
http://www.securiteam.com/tools/6X00120HFO.html
This site states:
"You can steal basic authentication, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS."
Nice.
I then linked over to XSS-Proxy, which explains that cross-site scripting does not actually require a user to click on a link to execute if they visit a hijacked or purposefully set up web site that includes XSS code. This page has a bunch of links to more information about XSS and information about XSS-Proxy.
http://xss-proxy.sourceforge.net/