WebApp Sec mailing list archives
Exploiting reflected XSS vulnerabilities, where user input must come through HTTP Request headers
From: kuza55 <kuza55 () gmail com>
Date: Thu, 12 Jul 2007 12:27:52 +1000
Contents:
=======================================
1.0 Introduction
2.0 The User_Agent Header
3.0 (Known) Firefox & Safari Request Header Injection (Sometimes)
4.0 Attacking Caching Proxies
5.0 References

1.0 Introduction
=======================================

Ever since Adobe patched Flash player to stop attackers spoofing certain headers such as Referer, User-Agent, etc., it has been considered impossible to exploit XSS vulnerabilities where the user input is taken from a request header, e.g. when a website prints out what User-Agent a user's browser is sending, without escaping it. With the exception of the Referer header which we can control enough to exploit XSS attacks through it.

I want to showcase several ways in which we can still exploit these vulnerabilities.

The rest of the write-up is at:
http://kuza55.blogspot.com/2007/07/exploiting-reflected-xss.html