Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Detecting cross-site scripting attacks

RE: Detecting cross-site scripting attacks

From: Calderon, Juan C (CORP, DDEMESIS) <Juan.Calderon_at_ddemesis.ge.com>
Date: Wed, 14 May 2003 11:15:19 -0400

*******************
I am new to web application security, a lot of layer 7 application
security products detect cross-site scripting attacks (ex: sanctum
appshield). How these products do?
*******************

I agree with Roshen, this products look for <script> tags into the Query string (parameters part of URL) or the POST bytes flow into HTTP requests.

How ever not only this tag could be used for data stealing, some other like <FORM> can be used as well by "replacing" real forms, making users send sensitive information to a diferent site that the one intended. This is the same basis than in XSS, except that your are not running any script.

you may find interesting this article from CERT
http://www.cert.org/advisories/CA-2000-02.html
Received on May 14 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos