Nytro Posted March 4, 2013 Report Posted March 4, 2013 Post XSS Exploitation: Advanced Attacks and RemediesNishtha Jatana1, Adwiteeya Agrawal 2, Kritika Sobti 31Assistant professor, Department of Computer Science and Engineering, Maharaja Surajmal Institute of Technology, New Delhi, Indianishtha.jatana@gmail.com2,3 Student, Department of Information Technology, Maharaja Surajmal Institute of Technology, New Delhi, India adwiteeyaagrawal@gmail.com, kritikasobti92@gmail.comAbstract – XSS (cross site scripting) is a web application vulnerability wherein an end point user can pass simple scripts as payloads in un-sanitized input variables. XSS vulnerability has been in existence since long but the current scenario deals with exploiting these vulnerabilities for further attacks, this concept is known as "Post XSS Exploitation" and is focused upon in this paper. This paper presents an in depth study of the dangers of XSS vulnerabilities and vulgarizes its exploitation, it also showcases the remedies of post XSS attacks that can be adopted as a safeguard. Further we exploit a vulnerability and develop a novel module for one of the popular tools of post XSS exploitation. This module can be used to make a SIP (Session Initiation Protocol) call. It has been developed with the intention of being included into the new release of the XSSF framework.Download:www.exploit-db.com/download_pdf/24559 Quote
