
HTML injection and cross-site scripting (XSS)

HTML injection and cross-site scripting (XSS) is an ideal vulnerability to exploit for attackers across the spectrum of sophistication and programming knowledge.
Exploits are easy to write, requiring no more tools than a text editor—or sometimes just the browser’s navigation bar—and a cursory knowledge of JavaScript, unlike buffer overflow exploits that call for more esoteric assembly, compilers, and debugging. XSS also offers the path of least resistance for a payload that can affect Windows, OSX, Linux, Internet Explorer, Safari, and Opera alike. The web browser is a universal platform for displaying HTML and interacting with complex web sites.
When that HTML is subtly manipulated by a few malicious characters, the browser becomes a universal platform for exposure. With so much personal data stored in web applications and accessible through URLs, there’s no need for attackers to make the extra effort to obtain “root” or “administrator” access on a victim’s system. The reason for targeting browsers is like the infamous crook’s response to why he robbed banks: “Because that’s where the money is.”

HTML injection affects security-aware users whose computers have the latest firewalls, anti-virus software, and security patches installed almost as easily as the casual user taking a brief moment in a cafe to check e-mail. Successful attacks target data already in the victim’s browser or use HTML and JavaScript to force the browser to perform an untoward action. HTML and JavaScript are working behind the scenes inside the browser every time you visit a web page. From a search engine to web-based e-mail to reading the news—how often do you inspect every line of text being loaded into the browser?
Some measure of protection can be gained by maintaining an up-to-date browser, but mostly in terms of HTML injection that attempts to load exploits for the browser’s plugins like Java or Flash. The major web browser vendors continue to add in-browser defenses against the most common forms of XSS and other web-based exploits. The primary line of defense lies within the web sites themselves, which must filter, encode, and display content correctly and safely in order to protect visitors from being targeted by these attacks.


 // ******************************* //

More tricks about HTML attacks:

<img/src="mars.png"alt="mars">
<object><param name="src" value= "javascript:alert(0)"></param></object>
Roundabout way to assign the src parameter
<object data="javascript:alert(0)">
<isindex type=image src=1 onerror=alert(1)>
<isindex action=javascript:alert(1) type=image>
<img src=x:alert(alt) onerror=eval(src) alt=0>
src = this.src, alt = this.alt

<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert('xss');</x:script>
Content served as text/xml and text/xml-xhtml can execute JavaScript by using html and xhtml namespaces
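The book excerpt above ends by placing the primary defense on the web site itself: filter, encode, and display untrusted content correctly for the context it lands in. The JavaScript below is an added example, not code from the book or from this blog, that does this for three contexts (HTML text, a quoted attribute value, and a URL-valued attribute such as src, data or action, where encoding alone does not stop a javascript: URL like the ones in the tricks above) and runs the page's own payloads through it to show they come out as inert text. The function names, the example.invalid placeholder base URL and the renderLink sink are assumptions of this example.

```javascript
// Added example: contextual output encoding for untrusted text, plus a scheme
// allow-list for URL-valued attributes. Not code from the book excerpt or this
// blog; function names and the placeholder base URL are assumptions.

// Characters that can change the meaning of HTML text content. '/' is included
// so an attacker cannot close a tag even if an earlier '<' slipped through.
const HTML_TEXT_MAP = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// Context 1: untrusted text placed between tags (<p>HERE</p>).
function encodeForHtmlText(input) {
  return String(input).replace(/[&<>"'\/]/g, (ch) => HTML_TEXT_MAP[ch]);
}

// Context 2: untrusted text placed inside a quoted attribute value.
// Everything except ASCII alphanumerics becomes a numeric entity, which stays
// safe even if a template author forgot the surrounding quotes.
function encodeForHtmlAttribute(input) {
  return String(input).replace(/[^A-Za-z0-9]/gu, (ch) =>
    '&#x' + ch.codePointAt(0).toString(16).toUpperCase() + ';');
}

// Context 3: a URL-valued attribute (href, src, data, action). Encoding does
// not help here: "javascript:alert(0)" is harmless as text but runs as a URL.
// Only http(s) is allowed; relative paths are resolved against a placeholder
// base purely to learn their scheme. Returns null for anything rejected.
function safeUrlForAttribute(input) {
  let parsed;
  try {
    parsed = new URL(String(input), 'https://example.invalid/');
  } catch (_) {
    return null; // unparseable input is rejected outright
  }
  return parsed.protocol === 'http:' || parsed.protocol === 'https:'
    ? String(input)
    : null;
}

// What the browser does with the entities above; used to show the encoding is
// lossless: the visitor still sees the original characters, just as text.
function decodeHtml(encoded) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"' };
  return encoded.replace(/&(#x[0-9A-Fa-f]+|amp|lt|gt|quot);/g, (_, body) =>
    body.startsWith('#x')
      ? String.fromCodePoint(parseInt(body.slice(2), 16))
      : named[body]);
}

// Example sink (assumed): a link built from an untrusted display name and URL.
// A rejected URL yields a link with no href rather than a broken page.
function renderLink(name, url) {
  const href = safeUrlForAttribute(url);
  const hrefAttr = href === null ? '' : ` href="${encodeForHtmlAttribute(href)}"`;
  return `<a${hrefAttr}>${encodeForHtmlText(name)}</a>`;
}

// Payloads listed on this page, fed through the encoders.
const PAGE_PAYLOADS = [
  '<img/src="mars.png"alt="mars">',
  '<object data="javascript:alert(0)">',
  '<isindex type=image src=1 onerror=alert(1)>',
  '<img src=x:alert(alt) onerror=eval(src) alt=0>',
];

// True when every payload encodes to output with no raw HTML metacharacters
// and decodes back to exactly the original string.
function allPayloadsNeutralized() {
  return PAGE_PAYLOADS.every((p) => {
    const asText = encodeForHtmlText(p);
    const asAttr = encodeForHtmlAttribute(p);
    return !/[<>"']/.test(asText) && !/[<>"'=]/.test(asAttr)
      && decodeHtml(asText) === p && decodeHtml(asAttr) === p;
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderLink('<isindex type=image src=1 onerror=alert(1)>', 'javascript:alert(0)'));
  console.log('all payloads neutralized:', allPayloadsNeutralized());
}
```

Two points the encoders cannot cover on their own: the URL allow-list is what stops the `data="javascript:..."` and `action=javascript:...` forms, since entity encoding would leave such a URL fully functional once the browser decodes the attribute; and the namespace trick noted just above depends on the response's Content-Type, so untrusted content also has to be served with the content type the application intends rather than one the browser will parse as XML.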


Source: Hacking Web Apps: Detecting and Preventing Web Application Security Problems
