zbeng

HTML Code Injection and Cross-site scripting

Written by Gunter Ollmann

Contents:

* Abstract
* Introduction
* Code Insertion
* Malicious Code
* Cross-Site Scripting
* Understanding Code Insertion
  o Inline Scripting
  o Forced Error Responses
  o Non <SCRIPT> Events
  o Javascript Entities
  o Typical Payloads Formatting
* Bypassing Anti-CSS Filters
* Web Integration
  o The Flash! Attack
* The Impact
* Vulnerability Checking
* Put It All Together
* Defending Against the Attack
  o Solutions for Users
  o Solutions for Developers and Organisations
    + Limit Server Responses
    + Enforce Response Lengths
    + HTTP Referer
    + Embedded Files and Objects
    + HTTP POST not GET
    + Cookie Inspection
    + URL Session Identifier
* Character Sets
* Dangerous Content
* Encode output based upon input parameters
  o Filter input parameters for special characters
  o Filter output based upon input parameters for special characters
* References

You can find it here: http://www.technicalinfo.net/papers/CSS.html
