Sdl threat modeling tool boundaries

How Cross-Site Scripting Works
The attacker builds a URL of the targeted site whose query string contains embedded JavaScript. When Search.aspx echoes that query string back into the page, the script runs in the victim's browser, redirects to the attacker's page and transmits the cookies issued by Search.aspx in the query string of that request.

Cross-Site Scripting (XSS)
Exploits applications that echo raw, unfiltered input to Web pages:
  Input from fields
  Input from query strings
The technique:
  Find a field or query string parameter whose value is echoed to the Web page
  Enter malicious script and get an unwary user to navigate to the infected page
  Steal cookies, deface and disable sites

Stack-Based Buffer Overrun Example
  void UnSafe(const char* uncheckedData)
  char localVariable        (the local buffer; the function body is not reproduced on this page)
Stack layout, top of stack first: char (localVariable), int, return address. Data copied past the end of localVariable runs down through the int and into the saved return address.

Possible Results of Buffer Overruns
  Possible result     Hacker's goal
  Access violation    To perform denial of service attacks against servers
  Instability         To disrupt the normal operation of software
  Code injection      To gain privileges for their own code; to exploit vital business data; to perform destructive actions


What Is a Buffer Overrun?
  Occurs when data exceeds the expected size and overwrites other values
  Exists primarily in unmanaged C/C++ code
  Includes four types:
    Stack-based buffer overruns
    Heap overruns
    V-table and function pointer overwrites
    Exception handler overwrites
  Can be exploited by worms
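Added example, not code from the slides: the UnSafe() fragment earlier on the page gives only the signature, so this models the frame the slide draws (char buffer at the top, an int below it, then the saved return address) as a C struct and shows an unchecked copy writing through the buffer into the return address slot, beside a bounded copy that does not. fake_frame, unsafe_copy, safe_copy, the sentinel values and ATTACK_INPUT are all assumptions of this demo; the struct stands in for a real stack frame so the overwrite is deterministic and stays within defined behaviour instead of crashing the process.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the stack frame on the slide, top of stack first:
 * the local char buffer, an int local, then the saved return address.
 * A struct is used instead of a real frame so the demo is deterministic. */
struct fake_frame {
    char          localVariable[8];
    int           localInt;
    unsigned long returnAddress;
};

#define RET_SENTINEL 0x00401000UL   /* pretend legitimate return address */
#define INT_SENTINEL 0x12345678

/* Constructed attacker input: 40 'A's, far more than localVariable holds. */
static const char *ATTACK_INPUT =
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";

static void init_frame(struct fake_frame *f) {
    memset(f, 0, sizeof *f);
    f->localInt = INT_SENTINEL;
    f->returnAddress = RET_SENTINEL;
}

/* Models UnSafe() from the slide: copies uncheckedData into localVariable with
 * no length check, so a long input runs through localInt and into
 * returnAddress. The copy is capped at sizeof(frame) only to keep the demo
 * within defined behaviour; a real strcpy() would keep writing. */
void unsafe_copy(struct fake_frame *f, const char *uncheckedData) {
    size_t n = strlen(uncheckedData) + 1;
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, uncheckedData, n);  /* f begins at localVariable */
}

/* Fixed version: bound the copy by the buffer size and always NUL-terminate. */
void safe_copy(struct fake_frame *f, const char *checkedData) {
    size_t n = strlen(checkedData);
    if (n > sizeof f->localVariable - 1) n = sizeof f->localVariable - 1;
    memcpy(f->localVariable, checkedData, n);
    f->localVariable[n] = '\0';
}

/* 1 if the unchecked copy of input overwrote the saved return address. */
int unsafe_clobbers_return(const char *input) {
    struct fake_frame f;
    init_frame(&f);
    unsafe_copy(&f, input);
    return f.returnAddress != RET_SENTINEL;
}

/* 1 if the bounded copy left both the int local and the return address intact. */
int safe_preserves_frame(const char *input) {
    struct fake_frame f;
    init_frame(&f);
    safe_copy(&f, input);
    return f.returnAddress == RET_SENTINEL && f.localInt == INT_SENTINEL;
}

/* Length of what survives in localVariable after the bounded copy. */
size_t safe_copy_length(const char *input) {
    struct fake_frame f;
    init_frame(&f);
    safe_copy(&f, input);
    return strlen(f.localVariable);
}

int main(void) {
    struct fake_frame f;

    init_frame(&f);
    unsafe_copy(&f, ATTACK_INPUT);
    printf("unsafe: localInt=0x%x returnAddress=0x%lx (sentinel was 0x%lx)\n",
           (unsigned)f.localInt, f.returnAddress, RET_SENTINEL);

    init_frame(&f);
    safe_copy(&f, ATTACK_INPUT);
    printf("safe:   localVariable=\"%s\" localInt=0x%x returnAddress=0x%lx\n",
           f.localVariable, (unsigned)f.localInt, f.returnAddress);
    return 0;
}
```

With the 40-byte input, the unchecked copy leaves localInt and returnAddress filled with 0x41 bytes, which is exactly the condition an attacker refines into a controlled return address; the bounded copy keeps seven characters plus the terminator and touches nothing else in the frame.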












