Welcome to YLOAN.COM
yloan.com » misc » vulnerability types
Gadgets and Gizmos misc Design Bankruptcy Licenses performance choices memorabilia bargain carriage tour medical insurance data

vulnerability types

Author: neodean dean

Author: neodean dean

Types of Cross Site Scripting vulnerabilities

Non-Persistent XSS Vulnerability

Persistent XSS vulnerabilities DOM based XSS Vulnerabilities

The attack lies based on principle in exploiting lack of proper output and input validation on dynamic websites. When a certain input string (HTML characters) is regenerated or printed on screen without any filtering (or encoding) by the server side scripts, an attacker is able to inject her own code into the dynamic webpage. The attacker can then use the trusted server to forward the code to the victim's browser, which executes it is from a trusted server as it assuming. Let's look at an example with a link that has an embedded JavaScript code.The target website searchengine.com? has a vulnerable variable vul? on the s.php? page, which does not employ any sort of input validation. This vulnerability can be exploited by embedding the alert ([removed])? JavaScript function, which displays the current cookie in a dialog box: ">http://searchengine.com/s.php?vul=">

Persistent Cross Site Scripting vulnerabilities

Persistent XSS vulnerabilitiesalso known as savedor second order vulnerabilities, are generally targeted at websites that allow users to input permanent data, such as forums, message boards, guest books, etc. Suppose we h'v an message board online allowing users to post in the form of HTML formatted messages.

When unsuspecting users visit the page with the code mentioned above, instead of getting an image on their screens, they are redirected to the attacker's web site(badguy.com), where the page is setup to retrieve the victims' cookie by the name as cookiecatcher.php . The greatest adversity in a persistent XSS attack is the large number of victims that can be targeted in one shot.

Document Object Model based XSS Vulnerabilities

The DOMis the standard structure layout to represent HTML and XMLdocuments in the browser. The DOM based vulnerability is also known as local vulnerability since it occurs due to active content on the client side script of a webpage. Document components such as forms , fields, and cookies can be referenced through JavaScript in a DOM. In a DOM based attack, the attacker uses the DOM environment to modify the original client side JavaScript. This causes the victim's browser to execute the resulting abusive JavaScript code. Let uslook at following script: Choose your Country: This script can be used in any HTML page and to select 'US' as a country, following link is used: http://www.victim.site/vul.html?country=US But, if the given link is injected with the following JS code: http://www.victim.site/vul.html?country= When a victim visits this link, a DOM object is created by the browser in which the document.location? object contains the cross site scripting string. As the original script on the page does not anticipate this command it simply reflects the JavaScript into the DOM environment.The browser executes the JavaScript function alert()? and creates the resulting page .


sourses:

Review Fully here related www.LogicalSecurity.com articles

About the Author:

Neo dean
Squeeze Page Templates El Líder Y El Alineamiento Del Equipo De Trabajo Nrj Ru. Расслабляйтесь Неизменно С Радостью Alopecia Androgenética Anyone Know Reverse Lookup Cell Numbers The Best Way To Cook Freshly Caught Fish Cartier, Offering the second Chance Wrappin’ Up 2009 With RDB How to Find the Best Treadmills Anyone Know Anywho White Pages Cartier, Releasing Me from Loneliness I Want To Find Order Att Uverse Dragonfable Hacks
print
www.yloan.com guest:  register | login | search IP(216.73.216.146) California / Anaheim Processed in 0.017944 second(s), 7 queries , Gzip enabled , discuz 5.5 through PHP 8.3.9 , debug code: 27 , 3618, 85,
vulnerability types Anaheim