Security Basics mailing list archives
Paper: The Anatomy of Cross Site Scripting
From: Gavin Zuchlinski <gzuchlinski () pgsit org>
Date: Thu, 6 Nov 2003 16:20:02 -0500
Hi,

I recently wrote a paper about fully attacking cross site scripting:

"Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. They are unique in that, rather than attacking a server directly, they use a vulnerable server as a vector to attack a client. This can lead to extreme difficulty in tracing attackers, especially when requests are not fully logged (such as POST requests). Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper will explore those possibilities."

The paper can be found at http://libox.net/xss_anatomy.php

(my apologies in advance about posting to multiple lists)

-Gavin
http://libox.net