Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Anatomy of Cross Site Scripting

Posted by CmdrTaco on from the vulnerabilities-are-lurking-everywhere dept.

LogError writes "Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper will explore those possibilities."

5 of 208 comments (clear)

  1. Re:Text Version for People Who Hate PDFs by Anonymous Coward · · Score: 3, Funny

    I, for one, welcome our Karma loving Whorverloads.

  2. But of course by freeweed · · Score: 4, Funny

    have we reverted to referring to letters by the way they look?

    Why yes.

    You ever notice that "C" stands for "Cookie"?

    It's good enough for me.

    Now find me some Crescent shaped cookies.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  3. Re:English for Geeks 101 by aminorex · · Score: 3, Funny

    I'm not going to just lay here and take this.
    Hey, if you don't like the affect of English
    spelling history, you can just immigrate to
    some place where they speak Canadian. Your
    allusions of superiority try to make capitol
    of the principals of colloquial language, but
    in doing so they create a climactic change
    which I find frankly unseasoned.

    --
    -I like my women like I like my tea: green-
  4. Lethal !!! by Timesprout · · Score: 5, Funny

    Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal

    You better believe it. Why only last week I had one of my web developers executed for writing code vunerable to a Cross Scripting Attack. I dont want any slackers on my team.

    PS I now have an opening for an experienced web developer. Sent resumes to spareme@icodetolive.com

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  5. Re:Static by orthogonal · · Score: 4, Funny
    Static webpages aren't vunerable to this kind of attack. Yay!
    Neither is my Ford Taurus, Orangutans, or bananas. What's your point?

    You're sure bananas aren't vulnerable?

    Now he tells me. Oh, oh, the time I have wasted.
    --
    Opinions on the Twiddler2 hand-held keyboard?