Consider a search engine website that is not secured against
cross-site scripting (XSS). The user interface of the search website consists
of an input field. After the user types in a search term and hits
enter, an output web page displays a list of items that match the search
term.
These are the steps involved in the XSS attack:
1. Hacker types in a harmless search term like “This is an XSS attack”
2. The search engine generates this URL, which contains the embedded search term:
http://google.com/search.php?q=XSS%20attack
3. This gives the hacker the name of the PHP script used by the search engine (search.php in this case).
4. Now the hacker enters this type of search term:
<script type="text/javascript"> alert('This is an XSS attack') </script>
5. This search term is submitted to search.php and this URL is created:
http://google.com/search.php?q=%3Cscript%3Ealert%28%27This%20is%20an%20XSS%20attack%27%29%3C%2Fscript%3E
When the search engine displays the output page, if it is vulnerable to attack, a message saying “This is an XSS attack” will be shown rather than a list of matching search items. The hacker now knows that it’s possible to launch a full-blown XSS attack on the search engine. This is a simple example, but it illustrates how a more dangerous script could be used to attack the search engine.
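The reflection described in the steps above, shown from the server side as an added example (not code from the original post or from any real search engine): a hypothetical output routine for search.php in its vulnerable form beside a version that HTML-encodes the search term before echoing it. The function names, the page markup and the sample query string are assumptions made for illustration.

```php
<?php
// Added example. render_results_vulnerable() and render_results_escaped()
// are hypothetical stand-ins for the part of search.php that echoes the
// search term back into the results page.

// Vulnerable: the term is concatenated into the HTML unchanged, so any
// markup it contains becomes part of the page.
function render_results_vulnerable(string $q): string
{
    return "<h1>Results for: " . $q . "</h1>";
}

// Hardened: HTML metacharacters (< > & " ') are encoded on output, so the
// browser renders the term as text instead of parsing it as markup.
function render_results_escaped(string $q): string
{
    $safe = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h1>Results for: " . $safe . "</h1>";
}

// Constructed sample inputs: the harmless query from step 2 and a query
// string modelled on step 5, written with plain apostrophes.
$samples = [
    'q=XSS%20attack',
    'q=%3Cscript%3Ealert%28%27This%20is%20an%20XSS%20attack%27%29%3C%2Fscript%3E',
];

foreach ($samples as $query) {
    // parse_str() URL-decodes the value the same way PHP fills $_GET.
    parse_str($query, $params);
    $q = $params['q'] ?? '';

    echo "query:      ", $query, PHP_EOL;
    echo "vulnerable: ", render_results_vulnerable($q), PHP_EOL;
    echo "escaped:    ", render_results_escaped($q), PHP_EOL, PHP_EOL;
}
```

Run with `php` on the command line: the harmless term produces identical output from both functions, while the second sample reaches the page as a live `<script>` element only in the vulnerable version.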