Monday, July 5, 2010

Script injection attacks to be aware of

The following is an xss attack that few people release is possible;
<script>
alert('</script><script>alert(2);</script>');
alert('1');
</script>

How it works:
Its simple really the HTML parser of browsers first parse the HTML structure of the page, they have no knowledge of the structure of javascript and contents contained in the tag body. _ANY_ HTML tag, even one present in correctly escaped javascript takes precedence.
Posted by Ashley Smart at 10:33 PM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)