Saturday, June 1, 2019

Google.com Essay -- Technology, Vulnerabilities

Three famous real-world examples of first-order XSS vulnerabilities were discovered in Google.com [36], CBS News [37] and ATutor [38]. In 2005 the Google.com website had XSS vulnerabilities that allowed attackers to impersonate legitimate subscribers of Google's services. Then, in 2006 CBS News published an official announcement claiming that President Bush appointed a nine-year-old boy to be the chairperson of the InfoSec Department. This was obviously fake news. Recently, an XSS vulnerability was discovered in ATutor that allowed scripts to be injected into nearly every URL request parameter, which eventually caused the result page to include the malicious scripts.

2.5.2 Stored XSS

Stored XSS (aka Persistent, Type 2 or Second-Order) [32, 34, 35] occurs when a vulnerable Web application accepts malicious code, stores it and later distributes it in response to a separate HTTP request. In contrast to reflected XSS, in Type 2 XSS the attack payload is not immediately reflected to the user; instead it is stored (in a database or in the file system) and displayed to end-users in...
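The store-then-serve flow described above, as an added example that is not part of the original essay: a comment is accepted in one request, kept in a database, and rendered in a later one, first without output encoding and then with it. The table layout, function names and the harmless marker payload are assumptions made for illustration.

```python
import html
import sqlite3
from html.parser import HTMLParser

# Constructed sample input: a harmless marker standing in for injected script.
PAYLOAD = "<script>alert('stored-xss-demo')</script>"

def make_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db

def post_comment(db, author, body):
    # Request 1: input is accepted and stored verbatim. The parameterized
    # query stops SQL injection but does nothing about markup in the data.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))

def render_vulnerable(db):
    # Request 2 (any later visitor): stored text is pasted into HTML as-is.
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    return "<ul>" + "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in rows) + "</ul>"

def render_hardened(db):
    # Same page, but every stored value is HTML-encoded at output time.
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    return "<ul>" + "".join(
        f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>" for a, b in rows
    ) + "</ul>"

class ScriptCounter(HTMLParser):
    """Counts <script> elements a browser-like parser would see in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = 0
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def count_script_elements(page):
    parser = ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts

def demo():
    db = make_store()
    post_comment(db, "alice", "Nice article!")
    post_comment(db, "mallory", PAYLOAD)
    return (count_script_elements(render_vulnerable(db)),
            count_script_elements(render_hardened(db)))
```

Calling `demo()` returns the number of script elements in the unencoded page and in the encoded page; only the first is non-zero, even though both pages are built from the same stored rows.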
