Vulnerability Development mailing list archives
Re: Cross Site Scripting Vulnerabilities on Major Websites
From: alrferreira () carol com br
Date: Fri, 8 Mar 2002 17:01:10 -0300
One is about a problem where many programmers have not given no attention. It engloba a bigger number of attacks beyond scripts; one is about one used technique for many types of attacks that try to explore the confidence between an user and a site. The problem appears when a long ago trustworthy site incorporates in itself proper dynamic data supplied by its users without verifying these inputs full. Badly-intentioned users can explore this problem supplying given to the site who finish presenting shown unexpected collateral effect when being. These effect normally involve the sending of data when cracker by means of one another less safe site, even so they can (in rare cases) use the site in itself to transmit the information. That is, through a code in the malicious HTML or XML, aggressor it can use tags that they can bring a serious comprometimento of the system. An aggressor can make a victim to send its data for the program. Then the program has that to be apt to protecting the victim of it. Much thing is for still happening... Without more, André Luiz Rodrigues Ferreira Carol - Depto. de Informática - Orlandia-SP-Brasil alrferreira () carol com br - http://freecode.linuxsecurity.com.br Leia: http://www.linuxsecurity.com.br/sections.php?op=listarticles&secid=10 Sem mais,
Current thread:
- Cross Site Scripting Vulnerabilities on Major Websites Jeremiah J. Jacks (Mar 08)
- <Possible follow-ups>
- Re: Cross Site Scripting Vulnerabilities on Major Websites alrferreira (Mar 08)