The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Chapter 12 

■

Attacking Other Users

401

interface. Common locations where user-controllable data may eventually be

displayed to other users include:

■■

Personal information fields — name, address, email, telephone, and 

the like.

■■

Names of documents, uploaded files, and other items.

■■

Feedback or questions to application administrators.

■■

Messages, comments, questions, and the like to other application users.

■■

Anything that is recorded in application logs and displayed in-browser to

administrators, such as URLs, usernames, HTTP 

Referer

, 

User-Agent

,

and the like.

In these cases, the XSS payload is delivered simply by submitting it to the

relevant page within the application and then waiting for victims to view the

malicious data.

Out-of-band delivery applies in cases where the data that is the subject of

the vulnerability is supplied to the application through some other channel.

The application receives data via this channel and ultimately renders it within

HTML pages that are generated within its main web interface. An example of

this delivery mechanism is the attack already described against web mail

applications, which involves sending malicious data to an SMTP server, which

is eventually displayed to users within an HTML-formatted email message.

Download 5,76 Mb.

Do'stlaringiz bilan baham: