The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

Pdf ko'rish

bet	648/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 644 645 646 647 648 649 650 651 ... 875

Bog'liq
3794 1008 4334

Reflected XSS Vulnerabilities

C O M M O N M Y T H

“You can’t own a web application via XSS.”

The authors have owned numerous applications using only XSS attacks. In the

right situation, a skillfully exploited XSS vulnerability can lead directly to a

complete compromise of the application. We will show you how.

Reflected XSS Vulnerabilities

A very common example of XSS occurs when an application employs

a dynamic page to display error messages to users. Typically, the page takes a

parameter containing the text of the message, and simply renders this text

back to the user within its response. This type of mechanism is convenient for

developers, because it allows them to invoke a customized error page from

anywhere in the application, without needing to hard-code individual mes-

sages within the error page itself.

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 644 645 646 647 648 649 650 651 ... 875