DOCUMENT INFORMATION
Basic information
Format
Number of pages
464
Size
6.23 MB
Contents
436_XSS_01.qxd 4/19/07 3:14 PM Page 3 Cross-site Scripting Fundamentals • Chapter 1

[...] also across the industry. In a discussion around mid-January, the cross-organization team chose Cross Site Scripting from a rather humorous list of proposals:
■ Unauthorized Site Scripting
■ Unofficial Site Scripting
■ Uniform Resource Locator (URL) Parameter Script Insertion
■ Cross-site Scripting
■ Synthesized Scripting
[...]

Chapter 1 Cross-site Scripting Fundamentals
Solutions in this chapter:
■ History of Cross-site Scripting
■ Web Application Security
■ XML and AJAX
Introduction
Summary
Solutions Fast Track
Frequently Asked Questions

Chapter 1 • Cross-site Scripting Fundamentals
Introduction
Cross-site scripting vulnerabilities [...]

[...] would have no means of self-defense other than to switch off JavaScript. Over the years, what was originally considered to be cross-site scripting became simply known as a Web browser vulnerability with no special name. What was HTML Injection and malicious linking are what's now referred to as variants of cross-site scripting, or "persistent" and "non-persistent" cross-site scripting, respectively. Unfortunately this is a big reason why [...]

[...] Advertising 252
Airpwned with XSS 252
XSS Injection: XSSing Protected Systems 256
The Decompiled Flash Method 256
Application Memory Massaging – XSS via an Executable 261
XSS Old School - Windows Mobile PIE 4.2 262
Cross-frame Scripting Illustrated 263
XSSing Firefox Extensions [...]

[...] paper on XSS flaws entitled "Script Injection." In 2005, the first XSS worm, known as Samy, attacked the popular social networking Web site MySpace.
Web Application Security
The Web is one of the largest growing industries, a playground of 800 million users, home of 100 million Web sites, and transporter of billions of dollars every day. [...]

[...] also tried to run a script.
Q: Does my anti-virus software protect me from XSS attacks?
A: No. Anti-virus software protects you from viruses and other types of malicious code that may be obtained from an XSS vulnerability. Some anti-virus software can detect known types of malware, but they cannot prevent XSS from occurring.
Q: Can an XSS worm propagate on my system?
A: XSS worms affect Web applications and the only way they can spread is by exploiting XSS vulnerabilities. However, there are many browser bugs that can exploit your system as well. In that respect, XSS worms that contain browser bug exploits can also compromise your system.
Q: XSS attacks can compromise my online account but not my network. Is [...]

[...] Introduction 192
DNS Pinning 192
Anti-DNS Pinning 194
Anti-Anti-DNS Pinning 196
Anti-anti-anti-DNS Pinning AKA Circumventing Anti-anti-DNS Pinning 196
Additional Applications of Anti-DNS Pinning 197
IMAP3 199
MHTML [...]

Contents
Chapter 3 XSS Theory 67
Introduction 68
Getting XSSed 68
Non-persistent 69
DOM-based 73
Persistent 75
DOM-based XSS In Detail 75
Identifying DOM-based XSS Vulnerabilities [...]

[...] 335
Overview of XSS-Proxy 338
XSS-Proxy Hijacking Explained 341
Browser Hijacking Details 343
Attacker Control Interface 346
Using XSS-Proxy: Examples 347
Setting Up XSS-Proxy 347
Injection and Initialization Vectors For XSS-Proxy 350
Handoff and CSRF With Hijacks 352

[...] publication.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
ISBN-10: 1-59749-154-3
ISBN-13: 978-1-59749-154-9
Publisher: Amorette Pedersen
Page Layout and Art: Patricia Lupien
Acquisitions