Browser

Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and Its Defense

Free registration required

Executive Summary

Attacks on web applications are growing rapidly with the opening of new technologies, HTML tags and JavaScript functions. Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser's resources (cookies, credentials etc.) by injecting the malicious JavaScript code on the victim's web applications. The existing techniques like filtering of tags and special characters, maintaining a list of vulnerable sites etc. cannot eliminate the XSS vulnerabilities completely. In this paper, initially the authors have tried out the experiments on the exploitation of XSS vulnerabilities using local host server (i.e. XAMPP). After this, they have investigated for the XSS vulnerabilities on social networking sites (like Facebook, Orkut, Blogs, Twitter etc.) and tried to exploit the same on blogs.

  • Format: PDF
  • Size: 537.81 KB