|
Vulnerability Development
mailing list archives
Re: Cross Site Scripting Vulnerabilities on Major Websites
From: alrferreira () carol com br
Date: Fri, 8 Mar 2002 17:01:10 -0300
One is about a problem where many programmers have not given no attention.
It engloba a bigger number of attacks beyond scripts; one is about one used
technique for many types of attacks that try to explore the confidence
between an user and a site.
The problem appears when a long ago trustworthy site incorporates in
itself proper dynamic data supplied by its users without verifying these
inputs full. Badly-intentioned users can explore this problem supplying
given to the site who finish presenting shown unexpected collateral effect
when being.
These effect normally involve the sending of data when cracker by means of
one another less safe site, even so they can (in rare cases) use the site
in itself to transmit the information.
That is, through a code in the malicious HTML or XML, aggressor it can use
tags that they can bring a serious comprometimento of the system. An
aggressor can make a victim to send its data for the program. Then the
program has that to be apt to protecting the victim of it. Much thing is
for still happening...
Without more,
André Luiz Rodrigues Ferreira
Carol - Depto. de Informática - Orlandia-SP-Brasil
alrferreira () carol com br - http://freecode.linuxsecurity.com.br
Leia: http://www.linuxsecurity.com.br/sections.php?op=listarticles&secid=10
Sem mais,
 By Date 
By Thread
Current thread:
|
Intro
