
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

location string is purposely broken because some browsers interpret JavaScript strings as HTML before executing the JavaScript. For POST HTML injections, you can write code like this:





name="evilForm">





Now place the code on your own web site or blog. If you don't already have one,
many free web site and blog hosting sites are available to use.

Our personal favorite obscuring technique is to abuse IE's MIME type mismatch
issue. For example, create a text file called cuteKitten.jpg containing the following:


Chapter 2: Cross-Site Scripting 49
Place cuteKitten.jpg online, say at http://somwhere.com/cuteKitten.jpg. When a
user clicks the link, IE will recognize that cuteKitten.jpg is not an image and then interpret
it as HTML.
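
Seen from the side of a site that hosts user files, the mismatch described above can be caught before the file is ever served. The following is an added example, not code from the book: the function names, the accepted image types, the hint list, and the 256-byte inspection window are assumptions chosen for illustration, and the sample byte strings are constructed.

```python
import os

# Magic-byte signatures for the image types this hypothetical site accepts.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".gif": (b"GIF8", "image/gif"),
}
# Markup tokens treated here as signs that a browser could render the file as HTML.
HTML_HINTS = (b"<html", b"<head", b"<body", b"<script", b"<iframe",
              b"<form", b"<img", b"<a ", b"<!doctype")
SNIFF_WINDOW = 256  # assumption: inspect only the leading bytes of the file


def check_upload(filename, data):
    """Return (ok, reason) for an uploaded file that claims to be an image."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in SIGNATURES:
        return False, "extension not allowed"
    magic, _mime = SIGNATURES[ext]
    if not data.startswith(magic):
        return False, "content does not match extension"
    head = data[:SNIFF_WINDOW].lower()
    if any(hint in head for hint in HTML_HINTS):
        return False, "HTML markup in file header"
    return True, "ok"


def response_headers(filename, data):
    """Headers for serving a verified upload; raises ValueError if the check fails."""
    ok, reason = check_upload(filename, data)
    if not ok:
        raise ValueError(reason)
    mime = SIGNATURES[os.path.splitext(filename)[1].lower()][1]
    # nosniff tells supporting browsers to trust Content-Type instead of guessing.
    return {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}


# Constructed samples: a text file named like an image, a minimal JPEG header,
# and a file with a valid GIF signature followed by markup.
TEXT_AS_JPG = b"<html><body>not an image</body></html>"
REAL_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
GIF_WITH_MARKUP = b"GIF89a<script>/* constructed */</script>"
```

The third sample shows why the signature check alone is not enough: a file can start with valid image magic bytes and still carry markup in the region a sniffing browser examines.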

