WebApp Sec: RE: Detecting cross-site scripting attacks

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

RE: Detecting cross-site scripting attacks

From: "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon () ddemesis ge com>
Date: Wed, 14 May 2003 11:15:19 -0400

*******************
I am new to web application security, a lot of layer 7 application 
security products detect cross-site scripting attacks (ex: sanctum 
appshield). How these products do?
*******************

I agree with Roshen, this products look for <script> tags into the Query string (parameters part of URL) or the POST 
bytes flow into HTTP requests.

How ever not only this tag could be used for data stealing, some other like <FORM> can be used as well by "replacing" 
real forms, making users send sensitive information to a diferent site that the one intended. This is the same basis 
than in XSS, except that your are not running any script.

you may find interesting this article from CERT
http://www.cert.org/advisories/CA-2000-02.html

By Date By Thread

Current thread:

Detecting cross-site scripting attacks Cedar Moore (May 13)
- RE: Detecting cross-site scripting attacks roshen.chandran (May 14)
- <Possible follow-ups>
- RE: Detecting cross-site scripting attacks Harbar, Spencer (May 14)
- Re: Detecting cross-site scripting attacks Cedar Moore (May 14)
  - RE: Detecting cross-site scripting attacks Vinny Bedus (May 14)
- RE: Detecting cross-site scripting attacks Calderon, Juan C (CORP, DDEMESIS) (May 14)