COMMON MYTH
“We’re not worried about that low-risk XSS bug — a user could only exploit it to attack themselves.”
As the example illustrates, even apparently low-risk vulnerabilities can in the right circumstances pave the way for a devastating attack. Taking a defense-in-depth approach to security entails removing every known vulnerability, however insignificant it may seem. Always assume that an attacker will be more imaginative than you in devising ways to exploit minor bugs!
Payloads for XSS Attacks
So far, we have focused on the classic XSS attack payload, which is to capture a victim’s session token, hijack their session, and thereby make use of the application “as” the victim, performing arbitrary actions and potentially taking ownership of that user’s account. In fact, there are numerous other attack payloads that may be delivered via any type of XSS vulnerability.
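A defender-side check for the session-token-capture payload described above, added here as an example (not code from the book): it audits Set-Cookie headers and flags session cookies that script could read or that travel insecurely. The name hints in SESSION_NAME_HINTS and the sample headers are the example's own assumptions.

```python
from http.cookies import SimpleCookie

# Name fragments that usually mark a session or authentication cookie (assumption)
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth")


def looks_like_session_cookie(name):
    return any(hint in name.lower() for hint in SESSION_NAME_HINTS)


def audit_set_cookie(header_value):
    """Return a list of findings for one Set-Cookie header value.

    A session cookie without HttpOnly is exactly what the classic XSS payload
    steals via document.cookie; Secure and SameSite close the other common
    token-exposure paths, so their absence is reported too.
    """
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if not looks_like_session_cookie(name):
            continue
        # Morsel flags are True when present and "" when absent
        if not morsel["httponly"]:
            findings.append(f"{name}: readable by script (no HttpOnly)")
        if not morsel["secure"]:
            findings.append(f"{name}: may be sent over plain HTTP (no Secure)")
        if not morsel["samesite"]:
            findings.append(f"{name}: no SameSite attribute")
    return findings


# Constructed sample headers, not captured from any real application
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/",
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]


def audit_all(headers=SAMPLE_HEADERS):
    """Map each header to its findings; non-session cookies are skipped."""
    return {h: audit_set_cookie(h) for h in headers}


if __name__ == "__main__":
    for header, findings in audit_all().items():
        print(header, "->", findings or "OK")
```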