INFOSYS 727 Lab 07- Web hacking 03

ss Gruyere, go to http://google-gruyere.appspot.com/start

To familiarize yourself with the features of Gruyere, complete the following tasks:

• View another user's snippets by following the "All snippets" link on the main page. Also check out what they have their Homepage set to.
• Sign up for an account for yourself to use for hacking. Do not use the same password for your Gruyere account as you use for any real service. You will be logged into a unique instance of Gruyere with a unique id.
• Fill in your account's profile, including a private snippet and an icon that will be displayed by your name.
• Create a snippet (via "New Snippet") containing your favourite joke.
• Upload a file (via "Upload") to your account.

Web Exploitation and Vulnerabilities

Exercise 2

Cross-Site Scripting (XSS)

• Cross-site scripting (XSS) is a vulnerability that permits an attacker to inject code into contents of a website that are not under the attacker's control.

Reflected XSS

• This attack is in the request itself (frequently the URL) and the vulnerability occurs when the server inserts the attack in the response verbatim or incorrectly escaped or sanitized. The victim triggers the attack by browsing to a malicious URL created by the attacker.

Stored XSS

• The attacker stores the attack in the application (e.g., in a snippet) and the victim triggers the attack by browsing to a page on...
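
Both variants defined above come down to untrusted text reaching the HTML response without escaping. The following is an added example, not part of the lab handout or of Gruyere's code, that shows each case next to its escaped form; the URL, the function names and the snippet store are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed inputs: a harmless marker string and a URL that carries it.
PROBE = "<script>alert(1)</script>"
URL = "http://app.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
SNIPPETS = {}  # hypothetical snippet store: user -> text

def _query(url):
    """Return the decoded 'q' parameter of a request URL."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]

def reflect_unsafe(url):
    # Reflected case: request data is copied into the response verbatim.
    return "<p>No results for " + _query(url) + "</p>"

def reflect_safe(url):
    # Same response, with the value HTML-escaped at output time.
    return "<p>No results for " + html.escape(_query(url)) + "</p>"

def store_snippet(user, text):
    # Stored case: the text is saved as submitted and rendered later.
    SNIPPETS[user] = text

def list_unsafe():
    # Every visitor of the listing receives the stored text as markup.
    return "".join(f"<li>{u}: {t}</li>" for u, t in SNIPPETS.items())

def list_safe():
    # Escape both fields when building the page, not when storing.
    return "".join(
        f"<li>{html.escape(u)}: {html.escape(t)}</li>"
        for u, t in SNIPPETS.items()
    )

def has_live_script(page):
    """True if the page contains an unescaped <script tag."""
    return "<script" in page.lower()

if __name__ == "__main__":
    store_snippet("guest", PROBE)
    for name, page in [("reflect_unsafe", reflect_unsafe(URL)),
                       ("reflect_safe", reflect_safe(URL)),
                       ("list_unsafe", list_unsafe()),
                       ("list_safe", list_safe())]:
        print(f"{name:15} live_script={has_live_script(page)}  {page}")
```

Escaping is applied where the value is written into HTML, so the same stored text stays intact for other output contexts.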
This document was uploaded on 04/04/2014.