Slashdot Mirror


The Anatomy of Cross Site Scripting

LogError writes "Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper will explore those possibilities."

9 of 208 comments

  1. Re:Text Version for People Who Hate PDFs by Anonymous Coward · · Score: 3, Funny

    I, for one, welcome our Karma loving Whorverloads.

  2. Re:Can someone explain? by Anonymous Coward · · Score: 2, Funny

    Writing an X instead of the word 'cross' makes you l33t.

    DUH.

  3. Re:Static by Anonymous Coward · · Score: 1, Funny

    Static webpages aren't vulnerable to this kind of attack. Yay!

    Neither is my Ford Taurus, Orangutans, or bananas. What's your point?

  4. But of course by freeweed · · Score: 4, Funny

    have we reverted to referring to letters by the way they look?

    Why yes.

    You ever notice that "C" stands for "Cookie"?

    It's good enough for me.

    Now find me some Crescent shaped cookies.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  5. Re:English for Geeks 101 by aminorex · · Score: 3, Funny

    I'm not going to just lay here and take this.
    Hey, if you don't like the affect of English
    spelling history, you can just immigrate to
    some place where they speak Canadian. Your
    allusions of superiority try to make capitol
    of the principals of colloquial language, but
    in doing so they create a climactic change
    which I find frankly unseasoned.

    --
    -I like my women like I like my tea: green-
  6. Lethal !!! by Timesprout · · Score: 5, Funny

    Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal

    You better believe it. Why only last week I had one of my web developers executed for writing code vulnerable to a Cross Scripting Attack. I don't want any slackers on my team.

    PS I now have an opening for an experienced web developer. Send resumes to spareme@icodetolive.com

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
    1. Re:Lethal !!! by cybermace5 · · Score: 2, Funny

      I hope you ran a virus scan on the developer before you executed him.

      --
      ...
  7. Re:Static by orthogonal · · Score: 4, Funny

    Static webpages aren't vulnerable to this kind of attack. Yay!
    Neither is my Ford Taurus, Orangutans, or bananas. What's your point?

    You're sure bananas aren't vulnerable?

    Now he tells me. Oh, oh, the time I have wasted.
  8. The most dangerous web problem out there by cluge · · Score: 2, Funny

    Slashdot - you provide some good security information and the next thing you know - 2.5 million hits later your server is a puddle of smoldering silicon and smells really bad. XSS isn't anything compared to the damage that slashdot's attention can get you.

    Our next paper - how to survive a slashdotting.

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.