Chapter 12 ■ Attacking Other Users
TIP
As with other attacks, be sure to URL-encode any special characters that have a significance within the request, including & = + ; and space.
Other Entry Points for JavaScript
In addition to the common examples just illustrated, there are numerous other
possible entry points for XSS attacks, arising from the complexities of the
HTML language. Many of these examples are affected by anomalies in the way
different browser platforms and versions handle unusual HTML. For example:
■■ On Internet Explorer, many tags will accept a style attribute containing JavaScript in an expression string. For example:
style=x:expression(alert(document.cookie))
■■ In Firefox, if you control the content attribute of a refresh meta tag, you can inject a URL that uses the javascript: protocol (as well as doing arbitrary redirects). For example:
.cookie);>
If you encounter any unusual situations that you are unfamiliar with, we
recommend that you consult the excellent XSS Cheat Sheet maintained by
RSnake, located here:
http://ha.ckers.org/xss.html
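A defensive counterpart to the two entry points listed above, as an added example that is not from the book: it checks decoded attribute values for an expression string in a style attribute and for a non-allowlisted URL scheme in a refresh meta tag's content attribute. The function names and the http/https allowlist are assumptions made for illustration.

```javascript
// Added example, not from the book. Inputs are attribute values already
// HTML-decoded by a parser; names and the allowlist are assumptions.
const SAFE_SCHEMES = new Set(["http", "https"]);

// Undo CSS tricks that can hide "expression(": comments and backslash escapes.
function normalizeCss(value) {
  return value
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .replace(/\\([0-9a-f]{1,6})\s?/gi, (_, hex) => {
      const cp = parseInt(hex, 16);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "\ufffd";
    })
    .replace(/\\(.)/g, "$1")
    .toLowerCase();
}

// True when a style attribute value carries an IE expression() string.
function styleHasExpression(styleValue) {
  return /expression\s*\(/.test(normalizeCss(styleValue));
}

// URL part of a refresh meta tag's content value ("5; url=..."), or null.
function refreshTarget(content) {
  const m = /^\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?["']?([\s\S]*?)["']?\s*$/i.exec(content);
  return m && m[1] ? m[1] : null;
}

// Scheme as a browser would read it: tab/CR/LF dropped, leading controls trimmed.
function urlScheme(url) {
  const cleaned = url.replace(/[\t\n\r]/g, "").replace(/^[\u0000-\u0020]+/, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Relative targets pass; absolute targets must use an allowlisted scheme.
// This checks the scheme only; limiting redirect hosts is a separate policy.
function refreshIsSafe(content) {
  const target = refreshTarget(content);
  if (target === null) return true;
  const scheme = urlScheme(target);
  return scheme === null || SAFE_SCHEMES.has(scheme);
}

// Constructed sample values (the first is the style example from the text).
const samples = {
  style: ["x:expression(alert(document.cookie))", "x:ex/**/pres\\73ion(1)", "color:red"],
  refresh: ["0;url=javascript:void(0)", "0; URL=jav\tascript:void(0)", "5; url=https://example.test/next", "30"],
};
console.log(samples.style.map(styleHasExpression), samples.refresh.map(refreshIsSafe));
```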
HACK STEPS