Computer and Network Security, Boneh (1196)_Part90.pdf


Diagram: Attack Server, Victim Server, Victim client
  • user gets bad link
  • user clicks on link
  • victim echoes user input

Parameter carried in the link: ?term=<script> ... </script>

Page echoed by the victim server: <html> Results for <script> window.open(? ... document.cookie ...) </script> </html>

Definition of XSS

An XSS vulnerability is present when an attacker can inject scripting code into pages generated by a web application.

Methods for injecting malicious code:
  • Reflected XSS (“type 1”)
      • the attack script is reflected back to the user as part of a page from the victim site
  • Stored XSS (“type 2”)
      • the attacker stores the malicious code in a resource managed by the web application, such as a database
  • Others, such as DOM-based attacks
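
The reflected case above, as an added example that is not part of the lecture slides: a search handler that echoes `term` into the page as in the diagram, next to a version that HTML-encodes it. The function names, the `victim.example` host and the harmless `marker()` payload are assumptions made for the illustration.

```javascript
// Added example: reflected XSS in a search page, and the output-encoding fix.
// All names (renderResultsVulnerable, victim.example, marker) are hypothetical.

// Vulnerable: echoes the `term` parameter into the HTML unchanged.
function renderResultsVulnerable(term) {
  return `<html> Results for ${term} </html>`;
}

// HTML-encode the five characters that are significant in element content
// and in quoted attribute values. Single pass, so entities are not re-encoded.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same page, but user input is encoded for the HTML context.
function renderResultsEscaped(term) {
  return `<html> Results for ${escapeHtml(term)} </html>`;
}

// Minimal stand-in for the victim server: parse the link, echo `term`.
// searchParams.get() percent-decodes the value, as a real server would.
function handleRequest(link, render) {
  const term = new URL(link).searchParams.get('term') ?? '';
  return render(term);
}

// True if the response contains the start of a live <script> element.
function hasScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample link; the payload is a harmless marker, percent-encoded
// as it would travel in a URL.
const sampleLink =
  'https://victim.example/search?term=' +
  encodeURIComponent('<script>marker()</script>');

const vulnerablePage = handleRequest(sampleLink, renderResultsVulnerable);
const escapedPage = handleRequest(sampleLink, renderResultsEscaped);

console.log(hasScriptTag(vulnerablePage), vulnerablePage);
console.log(hasScriptTag(escapedPage), escapedPage);
```

Percent-encoding in the link does not help the victim, because the server decodes the parameter before echoing it; the encoding that matters is the one applied when the value is written into the HTML.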

Email version of reflected XSS

Diagram: Attack Server, Server Victim, User Victim
  • Collect email addr
  • send malicious email
  • click on link
  • echo user input
  • Fall '13
  • PeterSchmidt
  • attack, Portable Document Format
