Posts Tagged “Vulnerable code”

Cross-site scripting is something one currently reads about often. It's no wonder, as each day new web services appear to catch some of the fame and traffic of Web 2.0. Often they push the product out of the pipe as soon as possible, and security is at that moment just secondary (if they even care about it). After the release of the product, the motivation to hunt for XSS flaws is minimal (I know this myself from bug hunting). And when you send them an e-mail about it, it seems from time to time that they don't even care when they get notified about an XSS flaw (see http://milw0rm.com for what I mean).

What are XSS flaws

As enough has already been written about XSS flaws, I'll keep this short. An XSS flaw occurs if a PHP script (or a script in some other scripting language) uses a user submission without further checking, or when the checking relies only on client-side verification through JavaScript or similar. The submitted code is then output to the user again, where the JavaScript can read out cookies and send them to an attacker.
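The flaw described above, shown next to its fix, as an added example that is not code from the original post. The function names, the name-format rule and the sample submissions are assumptions made for illustration; the sample strings stand in for a request parameter such as `$_GET['name']`.

```php
<?php
declare(strict_types=1);

// Vulnerable: the submitted value is placed into the page unchanged,
// so any markup it contains is interpreted by the browser.
function render_greeting_vulnerable(string $name): string
{
    return "<p>Hello, " . $name . "</p>";
}

// Hardened: encode for the HTML context at output time, so the
// submission is displayed as text instead of being parsed as markup.
function render_greeting_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Hello, " . $encoded . "</p>";
}

// Server-side validation (hypothetical rule: letters, digits and a few
// punctuation marks, 1 to 40 characters). It repeats on the server what a
// client-side JavaScript check claims to enforce, because the browser
// check never runs when a request is sent without it.
function is_valid_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} _.\'-]{1,40}\z/u', $name) === 1;
}

// Constructed sample submissions.
$samples = ["Alice", "<script>alert(1)</script>"];

foreach ($samples as $input) {
    echo "input:      ", $input, PHP_EOL;
    echo "valid:      ", is_valid_name($input) ? "yes" : "no", PHP_EOL;
    echo "vulnerable: ", render_greeting_vulnerable($input), PHP_EOL;
    echo "safe:       ", render_greeting_safe($input), PHP_EOL, PHP_EOL;
}
```

Run with `php` on the command line: the second sample fails validation, and the hardened function emits it with `<`, `>` and quotes converted to HTML entities, while the vulnerable function returns the tag intact.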

Persistent and Non-Persistent XSS


Tags: Cross Site Scripting, Vulnerable code, XSS
