Categories
Attacks and Exploits
Certifications and Career
Cryptology
Detection and Prevention
Industry and Userbase
Legal and Regulatory
Network and Infrastructure
Policies and Processes
Protocols and Services
Response and Recovery
Scanning and Auditing
Servers and Systems
Software and Applications
Standards and Methods
Tools and Utilities

Popular Tags
forensics, legal, microsoft, china, vista, spam, ddos, dos, disaster recovery, patriotact

Top Members (rating)
Kelsea (1065)
Mitchell (256)
Jennifer (207)
Paperboy (0)
Melrose2703 (0)
santhoshk (0)
Bulltrader (0)
nishith123 (0)
Atony (0)

RSS Feeds
Papers
Forum Posts

Cross-Sight ScriptingVulnerabilities

Written by Mark Shiarla Source SANS Institute

Save | Report | Email

Added on (Edited 08/16/07)

Cross-sight scripting is a vulnerability that is a potential threat to most Web servers and browsers. It is not a product specific attack. Servers that embed browser input into dynamically generated HTML pages can be manipulated into becoming a launch pad for running an attacker's malicious code. Servers that use static pages are immune to this type of attack because they have full control over how their Web pages will be interpreted. The attacker does not modify the content of the Website. The attacker merely inserts new script that can be executed by a browser. As a result, it is possible for the malicious code to run without the server or the end user realizing that anything different has happened.

Read the Complete Paper

Current Tags:
None

Add Tags:

Current Rating:

(0 votes)

Add Rating:

Post Comment

Cite in Modern Language Association (MLA) Style

"Cross-Sight ScriptingVulnerabilities" SANS Institute, , UTC. 03 Jul 2008, 23:39 <http://www.sans.org/reading_room/whitepapers/threats/478.php>

Cite in Chicago Style

Mark Shiarla, "Cross-Sight ScriptingVulnerabilities," http://www.sans.org/reading_room/whitepapers/threats/478.php (accessed Jul 03, 2008 ).

Welcome nishith123, the newest member New user? Register Login
	Advanced Search