Jump to content
Invision Community
FORUMS BLOG/NEWS USER BLOGS USER MEDIA ADVERTS   ADD  MANAGE CHAT CLUBS & USER PERSONAL FORUMS LINK EXCHANGE
ANTIVIRUS & SPAM Antivirus Anti Spam Anti Spyware Free Virus Scanner Antivirus Comparison Antivirus for Android Antivirus for Mac Anti Spam for Android Anti Spyware for Android
Sign in to follow this  
davidtrump

Related Vulnerabilities

Recommended Posts

Related vulnerabilities
In a Universal Cross-Site Scripting (UXSS, or Universal XSS) attack, vulnerabilities in the browser itself or in the browser plugins are exploited (rather than vulnerabilities in other websites, as is the case with XSS attacks); such attacks are commonly used by Anonymous, along with DDoS, to compromise control of a network.

Several classes of vulnerabilities or attack techniques are related to XSS: cross-zone scripting exploits "zone" concepts in certain browsers and usually executes code with a greater privilege. HTTP header injection can be used to create cross-site scripting conditions due to escaping problems on HTTP protocol level (in addition to enabling attacks such as HTTP response splitting).

Cross-site request forgery (CSRF/XSRF) is almost the opposite of XSS, in that rather than exploiting the user's trust in a site, the attacker (and his malicious page) exploits the site's trust in the client software, submitting requests that the site believes represent conscious and intentional actions of authenticated users. XSS vulnerabilities (even in other applications running on the same domain) allow attackers to bypass CSRF prevention efforts.

Covert Redirection takes advantage of third-party clients susceptible to XSS or Open Redirect attacks. Normal phishing attempts can be easy to spot, because the malicious page's URL will usually be off by a couple of letters from that of the real site. The difference with Covert Redirection is that an attacker could use the real website instead by corrupting the site with a malicious login pop-up dialogue box.

Lastly, SQL injection exploits a vulnerability in the database layer of an application. When user input is incorrectly filtered, any SQL statements can be executed by the application.

The specific XSSs that affect a given version of a web browser tend to be unique. Consequently, it is possible to use XSS to fingerprint the browser vendor and version of a user.

Share this post


Link to post
Share on other sites
MALWARE & PROVIDER Anti Malware Hosting Shared Hosting Windows Hosting VOIP Phone Register Domain Website Builder Dedicated Server Fiber Optics Provider

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...