An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute it. Because the browser thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. See the different types of XSS flaws for more details.
XSS using Script in Attributes
XSS attacks may be conducted without using <script></script> tags. Other tags will do exactly the same thing, for example:
<body onload=alert('test1')>
or other attributes like: onmouseover, onerror.
onmouseover
<b onmouseover=alert('Wufff!')>click me!</b>
onerror
<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
XSS using Script Via Encoded URI Schemes
If we need to hide from web application filters, we may try to encode string characters, e.g. a=A (UTF-8), and use it in an IMG tag:
<IMG SRC=jAvascript:alert('test2')>
There are many different UTF-8 encoding notations that give us even more possibilities.
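A defender's view of both sections above, as an added example that is not part of the original post: a check on the attributes of untrusted markup that rejects event handlers and decodes character references before testing the URL scheme against an allowlist, which is why matching on the literal text of a script tag or a scheme name is not enough. The function names, the scheme allowlist and the sample values are assumptions constructed for illustration.

```javascript
// Added example (not from the original post): attribute allowlisting that
// normalises values the way a browser does before inspecting them.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']); // assumed policy
const URL_ATTRS = new Set(['src', 'href', 'action', 'formaction']);
const NAMED = { colon: ':', tab: '\t', newline: '\n' };

// Decode character references (&#65; &#x41; &colon; ...), with or without
// the trailing ';', in a single pass so nothing is decoded twice.
function decodeCharRefs(value) {
  return value.replace(/&(?:#x([0-9a-f]+)|#([0-9]+)|(colon|tab|newline));?/gi,
    (match, hex, dec, name) => {
      if (name) return NAMED[name.toLowerCase()];
      const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : '\ufffd';
    });
}

// Return the lower-cased URL scheme, or null for a relative URL.
function schemeOf(rawValue) {
  const url = decodeCharRefs(rawValue)
    .replace(/[\t\n\r]/g, '')            // URL parsers drop tab, CR and LF
    .replace(/^[\u0000-\u0020]+/, '');   // and leading controls and spaces
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Decide whether one attribute of untrusted markup may be kept.
function checkAttribute(name, value) {
  const attr = name.toLowerCase();
  if (attr.startsWith('on')) return 'reject: event handler';
  if (URL_ATTRS.has(attr)) {
    const scheme = schemeOf(value);
    if (scheme !== null && !SAFE_SCHEMES.has(scheme)) {
      return `reject: scheme ${scheme}`;
    }
  }
  return 'allow';
}

// Constructed sample attributes, modelled on the snippets above.
const samples = [
  ['onload', "alert('test1')"],
  ['onerror', 'alert(document.cookie);'],
  ['SRC', "jAvascript:alert('test2')"],
  ['SRC', "j&#X41vascript:alert('test2')"],
  ['src', 'https://example.com/logo.png'],
  ['src', 'images/logo.png'],
];
for (const [n, v] of samples) console.log(n, '=>', checkAttribute(n, v));
```

In a real application this check belongs inside a maintained HTML sanitizer combined with contextual output encoding; the sketch only shows why normalisation has to come before filtering.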