Difference between revisions of "CRV2 RevCodeXSS"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
Where can XSS occur??
+
=='''Where can XSS occur??'''==
  
'''HTML Body Context'''<br>
+
===HTML Body Context<br>===
 
<nowiki><span>UNTRUSTED DATA</span></nowiki><br>
 
<nowiki><span>UNTRUSTED DATA</span></nowiki><br>
'''<br>
+
 
HTML Attribute Context'''<br>
+
==='''HTML Attribute Context'''===<br>
 
<nowiki><input type="text" name="fname" value="UNTRUSTED DATA"></nowiki><br>
 
<nowiki><input type="text" name="fname" value="UNTRUSTED DATA"></nowiki><br>
 
attack: "><script>/* bad stuff */</script><br>
 
attack: "><script>/* bad stuff */</script><br>
  
'''HTTP GET Parameter Context'''<br>
+
==='''HTTP GET Parameter Context'''===<br>
 
<nowiki><a href="/site/search?value=UNTRUSTED DATA">clickme</a></nowiki><br>
 
<nowiki><a href="/site/search?value=UNTRUSTED DATA">clickme</a></nowiki><br>
 
attack: " onclick="/* bad stuff */"<br>
 
attack: " onclick="/* bad stuff */"<br>
  
'''URL Context'''<br>
+
==='''URL Context'''===<br>
 
<nowiki><a href="UNTRUSTED URL">clickme</a> <iframe src="UNTRUSTED URL" /></nowiki> <br>
 
<nowiki><a href="UNTRUSTED URL">clickme</a> <iframe src="UNTRUSTED URL" /></nowiki> <br>
 
attack: javascript:/* BAD STUFF */<br>
 
attack: javascript:/* BAD STUFF */<br>
  
'''CSS Value Context'''<br>
+
==='''CSS Value Context'''===<br>
 
<div style="width: UNTRUSTED DATA;">Selection</div>
 
<div style="width: UNTRUSTED DATA;">Selection</div>
 
attack: expression(/* BAD STUFF */)<br>
 
attack: expression(/* BAD STUFF */)<br>
  
'''JavaScript Variable Context'''<br>
+
==='''JavaScript Variable Context'''===<br>
 
<script>var currentValue='UNTRUSTED DATA';</script> <br>
 
<script>var currentValue='UNTRUSTED DATA';</script> <br>
  
Line 27: Line 27:
 
</script> attack: ');/* BAD STUFF */<br>
 
</script> attack: ');/* BAD STUFF */<br>
  
'''JSON Parsing Context'''<br>
+
==='''JSON Parsing Context'''===<br>
 
JSON.parse(UNTRUSTED JSON DATA)<br>
 
JSON.parse(UNTRUSTED JSON DATA)<br>

Latest revision as of 07:51, 2 May 2013

Where can XSS occur??

HTML Body Context

<span>UNTRUSTED DATA</span>

===HTML Attribute Context===
<input type="text" name="fname" value="UNTRUSTED DATA">
attack: "><script>/* bad stuff */</script>

===HTTP GET Parameter Context===
<a href="/site/search?value=UNTRUSTED DATA">clickme</a>
attack: " onclick="/* bad stuff */"

===URL Context===
<a href="UNTRUSTED URL">clickme</a> <iframe src="UNTRUSTED URL" />
attack: javascript:/* BAD STUFF */

===CSS Value Context===

Selection

attack: expression(/* BAD STUFF */)

===JavaScript Variable Context===
<script>var currentValue='UNTRUSTED DATA';</script>

<script>someFunction('UNTRUSTED DATA');

</script> attack: ');/* BAD STUFF */

===JSON Parsing Context===
JSON.parse(UNTRUSTED JSON DATA)