Re: Form Reload with Tainted Values

  • Michael Ruebner

    #1
    Re: Form Reload with Tainted Values

    Joost Diepenmaat:
    *If* that's true, then the input can be used as an XSS attack -
    they'll just have to lure some unsuspecting victim to the
    error/feedback page you created.
    None of the returned values will ever be stored in a session (or make it
    into the database), so I assume that hijacking and/or redirection will not
    be an issue. Put another way, if the attacker's browser will be the
    only client to display rogue input, what's the harm to the rest of us?

    Mike
  • Chris Morris

    #2
    Re: Form Reload with Tainted Values

    Michael Ruebner <njus@lunchinglads.net> writes:
    Joost Diepenmaat:
    *If* that's true, then the input can be used as an XSS attack -
    they'll just have to lure some unsuspecting victim to the
    error/feedback page you created.
    None of the returned values will ever be stored in a session (or make it
    into the database), so I assume that hijacking and/or redirection will not
    be an issue. Put another way, if the attacker's browser will be the
    only client to display rogue input, what's the harm to the rest of us?
    vulnerable.php = <?php print ($_GET['print']); ?>

    <a href="vulnerable.php?print=<script>alert(document.cookie)</script>">
    Please follow this link</a>

    The attacker is the person who creates the link (or form, if it's a
    POST-based attack instead).
    The victim is the person who gets tricked into clicking on it.
    They don't need to be the same person.

    Persistent XSS, where the value gets stored in the database and then
    redisplayed, is *worse* than this because the victims just have to
    look at the legitimate site, and the more that look, the worse it
    gets. However, tricking someone into clicking on a link on a
    relatively unrelated web page is not exactly difficult.

    With most common web programming languages making it incredibly
    difficult to avoid filling code with XSS bugs, it's not an easy thing
    to ensure doesn't happen, but it's absolutely necessary.

    http://www.cgisecurity.com/articles/xss-faq.shtml has a few more examples.

    --
    Chris

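The reflected bug in Chris's vulnerable.php, as an added example that is not code from the thread or from any poster: the same tainted value is echoed verbatim and then output-encoded with htmlspecialchars, both in element content (as vulnerable.php does) and inside the value="" attribute of a reloaded form field, which is where the thread's subject puts it. It goes one step beyond the post by showing that the attribute context needs a different payload and the ENT_QUOTES flag. Function names, the field name and the second payload are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The tainted value is echoed the
// way vulnerable.php does it (verbatim) and the way a form reload normally
// does it (inside a value="" attribute), each beside an output-encoded version.

// Mirrors vulnerable.php: the parameter lands in element content.
function page_unsafe(string $value): string
{
    return '<p>You entered: ' . $value . '</p>';
}

// The form-reload case: the parameter lands in a double-quoted attribute.
function field_unsafe(string $value): string
{
    return '<input type="text" name="comment" value="' . $value . '">';
}

// One encoder for both contexts. ENT_QUOTES encodes ' and " as well as
// < > &, so the value can neither open a tag nor close the attribute.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "" (which
// would silently blank the field). Before PHP 8.1 these flags are not the
// default, so pass them explicitly.
function encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function page_safe(string $value): string
{
    return '<p>You entered: ' . encode($value) . '</p>';
}

function field_safe(string $value): string
{
    return '<input type="text" name="comment" value="' . encode($value) . '">';
}

// Constructed inputs (assumed, not taken from any real request):
//  - the payload from the link in the post, which needs element content;
//  - a quote-breaking payload for the attribute context, where "<script>"
//    alone would just be part of the value and not run.
$payloads = [
    'element context'   => '<script>alert(document.cookie)</script>',
    'attribute context' => '" autofocus onfocus="alert(document.cookie)',
];

// $_GET['print'] is what the crafted link sets; fall back to the constructed
// payloads so the script also runs from the CLI (php example.php).
$inputs = isset($_GET['print']) ? ['request' => (string) $_GET['print']] : $payloads;

foreach ($inputs as $label => $tainted) {
    echo "--- {$label} ---", PHP_EOL;
    echo 'page_unsafe:  ', page_unsafe($tainted), PHP_EOL;
    echo 'page_safe:    ', page_safe($tainted), PHP_EOL;
    echo 'field_unsafe: ', field_unsafe($tainted), PHP_EOL;
    echo 'field_safe:   ', field_safe($tainted), PHP_EOL;
}
```

Run it with `php example.php` to see the four renderings side by side. The point Chris makes applies to both contexts: nothing is stored anywhere, yet whoever follows the crafted link gets the script executed in their own session with the site's origin. The fix is the same in both cases, encode at the point of output for the context the value lands in, and do it for every reflected value, not only the ones that fail validation.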

    • Michael Ruebner

      #3
      Re: Form Reload with Tainted Values

      Chris Morris:
      The attacker is the person who creates the link (or form, if it's a
      POST-based attack instead).
      The victim is the person who gets tricked into clicking on it.
      They don't need to be the same person.
      OK. Got it. I was stuck on persistent XSS and lost sight of the simpler
      things in life ;-)

      Thanks for your, and Joost's, input.

      Mike
