Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense

Artigo Acesso aberto

Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense

2012; Volume: 60; Issue: 14 Linguagem: Inglês

10.5120/9762-3594

ISSN

0975-8887

Autores

Shashank Gupta, Lalitsen Sharma,

Tópico(s)

Spam and Phishing Detection

Resumo

Attacks on web applications are growing rapidly with the opening of new technologies, HTML tags and JavaScript functions.Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser's resources (cookies, credentials etc.) by injecting the malicious JavaScript code on the victim's web applications.The existing techniques like filtering of tags and special characters, maintaining a list of vulnerable sites etc. cannot eliminate the XSS vulnerabilities completely.In this paper, initially we have tried out the experiments on the exploitation of XSS vulnerabilities using local host server (i.e.XAMPP).After this, we have investigated for the XSS vulnerabilities on social networking sites (like Facebook, Orkut, Blogs, Twitter etc.) and tried to exploit the same on blogs.Finally, on the basis of some analysis and results, we have discussed a novel technique of mitigating this XSS vulnerability by introducing a Sandbox environment on the web browser.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense