Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and Its Defense

Attacks on web applications are growing rapidly with the opening of new technologies, HTML tags and JavaScript functions. Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser's resources (cookies, credentials etc.) by injecting the malicious JavaScript code on the victim's web applications. The existing techniques like filtering of tags and special characters, maintaining a list of vulnerable sites etc. cannot eliminate the XSS vulnerabilities completely. In this paper, initially the authors have tried out the experiments on the exploitation of XSS vulnerabilities using local host server (i.e. XAMPP). After this, they have investigated for the XSS vulnerabilities on social networking sites (like Facebook, Orkut, Blogs, Twitter etc.) and tried to exploit the same on blogs.

Provided by: International Journal of Computer Applications Topic: Software Date Added: Dec 2012 Format: PDF

Find By Topic