Web Development

XCS: Cross Channel Scripting and Its Impact on Web Applications

Free registration required

Executive Summary

The authors study the security of embedded web servers used in consumer electronic devices, such as security cameras and photo frames, and for IT infrastructure, such as wireless access points and lights-out management systems. All the devices the authors examine turn out to be vulnerable to a variety of web attacks, including Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF). In addition, the authors show that consumer electronics are particularly vulnerable to a nasty form of persistent XSS where a non-web channel such as NFS or SNMP is used to inject a malicious script.

  • Format: PDF
  • Size: 840.2 KB