COMMON MYTH
“We check every user request for embedded script tags,
so no XSS attacks are possible.”
Aside from the question of whether any filter bypasses are possible, you have
now seen three reasons why this claim can be incorrect:
■ In some XSS flaws, the attacker-controllable data is inserted directly into an existing JavaScript context, so there is no need to use either script tags or the javascript: protocol. In other cases, you can inject an event handler containing JavaScript without using any script tags.
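The two cases above, as an added example that is not from the original text: a script-tag filter of the kind the myth describes, run over constructed inputs, next to output encoding chosen for the context the data lands in. The function names, templates and sample values are assumptions made for illustration.

```javascript
// The myth's filter: reject any request value that contains a script tag.
function containsScriptTag(value) {
  return /<\s*\/?\s*script\b/i.test(value);
}

// Encoder for data placed inside a quoted HTML attribute value.
function encodeHtmlAttr(value) {
  return String(value).replace(/[&<>"'`=]/g,
    (c) => `&#x${c.charCodeAt(0).toString(16)};`);
}

// Encoder for data placed inside a quoted JavaScript string literal:
// every non-alphanumeric code unit becomes a \uXXXX escape.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical page templates for the two contexts named in the text.
const render = {
  jsUnsafe: (v) => `<script>var name = "${v}";</script>`,
  jsSafe: (v) => `<script>var name = "${encodeJsString(v)}";</script>`,
  attrUnsafe: (v) => `<input type="text" value="${v}">`,
  attrSafe: (v) => `<input type="text" value="${encodeHtmlAttr(v)}">`,
};

const countQuotes = (s) => (s.match(/"/g) || []).length;

// True when the value added no raw double quote to the output, so it cannot
// close the template's own quoted string or attribute.
function staysInContext(renderFn, value) {
  return countQuotes(renderFn(value)) === countQuotes(renderFn(""));
}

// Constructed sample inputs: one per context, plus one the filter does catch.
const samples = ['"; alert(1); //', '" onfocus="alert(1)', "<script>alert(1)</script>"];

for (const v of samples) {
  console.log(JSON.stringify(v), {
    filterRejects: containsScriptTag(v),
    jsUnsafeContained: staysInContext(render.jsUnsafe, v),
    jsEncodedContained: staysInContext(render.jsSafe, v),
    attrUnsafeContained: staysInContext(render.attrUnsafe, v),
    attrEncodedContained: staysInContext(render.attrSafe, v),
  });
}
```

The first two samples pass the filter yet leave their quoted context when rendered unencoded; with the encoder matched to the context, the same values stay inside it as data.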