The name cross-site scripting is derived from the fact that one web site (or person) can
inject script of their
choosing across security boundaries to a different and vulnerable web site. XSS is a type
of injection attack, but rather than the attacker directly performing the injection, the
attacker must lure the victim to perform the injection.
WEB BROWSER SECURITY MODELS
A variety of security controls are placed in web browsers. The key to hacking web
applications is to find a problem in one of the browser security controls or circumvent
one of the controls. Each security control attempts to be independent from the others, but
if an attacker can inject a little JavaScript in the wrong place, all the security controls
break down and only the weakest control remains: the same origin policy.
The same origin policy generally rules all security controls. However, frequent flaws
in web browsers and in browser plug-ins, such as Acrobat Reader, Flash, and Outlook
Express, have compromised even the same origin policy.
In this chapter, we discuss three browser security models as they were intended to be:
• The same origin policy
• The cookies security model
• The Flash security model
We also discuss how to use a little JavaScript to weaken some of the models.