DescriptionDuring creating dynamiac web pages it's easy to make a mistake. If generated page depends on entered data (e.g. URI, HTTP headers etc.) and these data are not filtered enough it is possible that it can be exploited using XSS technique. ExamplesExample 1 Let's assume that we have an error page, which is handling requests for a non existing pages. Classic 404 error page. We may use the code below as an example to inform user about what specific page is missing: <html> <body> <? php print "Not found: " . urldecode($_SERVER["REQUEST_URI"]); ?> </body> </html> Let's see how does it work: http://testsite.test/file_which_not_exist In response we got: Not found: /file_which_not_exist Now we will try to force the error page to include our code: http://testsite.test/<script>alert("TEST");</script>
The result is: Not found: / (but with JavaScript code <script>alert("TEST");</script>)
We have successfully injected the code, our XSS! What does it mean? E.g. that we may try to steal the cookies. Problems which may occur using XSS techique are:
|
