ss Gruyere, go to http://google-gruyere.appspot.com/start
To familiarize yourself with the features of Gruyere, complete the following tasks:
• View another user's snippets by following the "All snippets" link on the main page. Also check out
what they have their Homepage set to.
• Sign up for an account for yourself to use for hacking. Do not use the same password for your
Gruyere account as you use for any real service. You will be logged into a unique instance of
Gruyere with a unique id.
• Fill in your account's profile, including a private snippet and an icon that will be displayed by your
• Create a snippet (via "New Snippet") containing your favourite joke.
• Upload a file (via "Upload") to your account.

Web Exploitation and Vulnerabilities

Cross-Site Scripting (XSS)
• Cross-site scripting (XSS) is a vulnerability that permits an attacker to inject code into
contents of a website that are not under the attacker's control.

Reflected XSS
• The attack is carried in the request itself (frequently the URL), and the vulnerability occurs
when the server inserts it into the response verbatim, or incorrectly escaped or
sanitized. The victim triggers the attack by browsing to a malicious URL created by the
attacker.

Stored XSS
• The attacker stores the attack in the application (e.g., in a snippet) and the victim
triggers the attack by browsing to a page on...
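
The reflected and stored cases described above share one root cause: untrusted text reaches the HTML response without output encoding. The following is an added example, not Gruyere's own code and not part of the original handout; the function names, the URL and the snippet store are hypothetical and constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed, harmless markup probe: if it reaches the page as live tags,
# the same output path would also pass script supplied by an attacker.
PROBE = "<i>probe</i>"
URL = "http://app.example/error?msg=%3Ci%3Eprobe%3C%2Fi%3E"  # constructed request
STORE = ["my favourite joke", PROBE]  # constructed snippet store


def query_param(url, name):
    """Return the first value of a query parameter, URL-decoded."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_error_vulnerable(url):
    # Reflected case: request data is copied into the response verbatim.
    return "<p>Invalid request: " + query_param(url, "msg") + "</p>"


def render_error_hardened(url):
    # Same page, but the value is HTML-escaped at the point of output.
    return "<p>Invalid request: " + html.escape(query_param(url, "msg")) + "</p>"


def render_snippets_vulnerable(snippets):
    # Stored case: text saved earlier is written into every viewer's page as-is.
    return "<ul>" + "".join("<li>" + s + "</li>" for s in snippets) + "</ul>"


def render_snippets_hardened(snippets):
    # Escaping on output protects even when the stored data is already tainted.
    return "<ul>" + "".join("<li>" + html.escape(s) + "</li>" for s in snippets) + "</ul>"


def contains_live_markup(page, probe=PROBE):
    """Regression check: True if the probe survived into the page unescaped."""
    return probe in page


if __name__ == "__main__":
    pages = {
        "reflected, vulnerable": render_error_vulnerable(URL),
        "reflected, hardened": render_error_hardened(URL),
        "stored, vulnerable": render_snippets_vulnerable(STORE),
        "stored, hardened": render_snippets_hardened(STORE),
    }
    for name, page in pages.items():
        print(f"{name:22} live markup: {contains_live_markup(page)}  {page}")
```
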
This document was uploaded on 04/04/2014.
- Spring '14