processed by the application. A common XSS vulnerability arises in error
messages, where items such as the Referer and User-Agent headers are copied
into the contents of the message. These headers are valid vehicles for
delivering a reflected XSS attack, because an attacker can use a Flash object
to induce a victim to issue a request containing arbitrary HTTP headers.
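
The error-message case described above, as an added example that is not part of the original text: an error page that copies header values in verbatim, the same page with HTML encoding applied, and a check that flags which headers come back unencoded. The page templates, the PROBE marker and all function names are assumptions made for illustration.

```python
import html

# Constructed, harmless marker containing the HTML metacharacters that
# must never be reflected unencoded (", <, >, ', &).
PROBE = 'zq7"<x>\'&'


def error_page_unsafe(headers):
    """Hypothetical error page: header values are copied in verbatim."""
    referer = headers.get("Referer", "")
    agent = headers.get("User-Agent", "")
    return (
        "<html><body><h1>Request failed</h1>"
        "<p>Referer: " + referer + "</p>"                  # HTML text context
        '<span title="' + agent + '">client</span>'        # attribute context
        "</body></html>"
    )


def error_page_safe(headers):
    """Same page with every header value HTML-encoded before output."""
    # quote=True also encodes " and ', which matters in the attribute context.
    referer = html.escape(headers.get("Referer", ""), quote=True)
    agent = html.escape(headers.get("User-Agent", ""), quote=True)
    return (
        "<html><body><h1>Request failed</h1>"
        "<p>Referer: " + referer + "</p>"
        '<span title="' + agent + '">client</span>'
        "</body></html>"
    )


def reflected_unencoded(render, header_names=("Referer", "User-Agent")):
    """Return the headers whose value is reflected with metacharacters intact."""
    findings = []
    for name in header_names:
        body = render({name: PROBE})
        if PROBE in body:  # marker survived unchanged, so no encoding was applied
            findings.append(name)
    return findings


if __name__ == "__main__":
    print("unsafe page reflects:", reflected_unencoded(error_page_unsafe))
    print("safe page reflects:  ", reflected_unencoded(error_page_safe))
```

The check works as a regression test: any page that places request headers in its output should return an empty list.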

Each potential vulnerability you have noted needs to be manually
investigated to verify whether it is actually exploitable. Your objective here
is to find a way of crafting your input such that, when it is copied into the
same location in the application’s response, it will result in execution of
arbitrary JavaScript. Let’s look at some examples of this.

Example 1

Suppose that the returned page contains the following:
One obvious way to craft an XSS exploit is to terminate the double quotation
marks that are enclosing your string, close the
tag, and then employ