Difference between revisions of "XSS in error pages"

(Reverting to last version not containing links to s1.shard.jp)

Revision as of 09:59, 27 May 2009


This page was marked to be reviewed for deletion.

#REDIRECT Cross-site Scripting (XSS)


While creating dynamic web pages it is easy to make a mistake. If a generated page depends on input data (e.g. the URI, HTTP headers, etc.) and that data is not filtered sufficiently, the page can be exploited using the XSS technique.

Risk Factors



Example 1

Let's assume that we have an error page which handles requests for non-existent pages: a classic 404 error page. We may use the code below as an example to inform the user which page is missing:


<?php
// Vulnerable by design (this is the page's example): the URL-decoded request
// URI is printed straight into the response body without HTML encoding.
print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);


Let's see how it works:


In response we got:

Not found: /file_which_not_exist

Now we will try to force the error page to include our code:


The result is:

Not found: / (but with the JavaScript code <script>alert("TEST");</script> rendered into the page)

We have successfully injected the code: our XSS! What does this mean? For example, that we may try to steal cookies. Problems which may occur when using the XSS technique are:

  • escaping of data entered by the user (e.g. the character " becomes \" after escaping),
  • the maximum URI length which the HTTP server will accept.
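The following is an added example, not part of the original page, that mirrors the PHP handler above in Python so the three behaviours discussed can be compared side by side: the raw echo of the decoded URI, the backslash-style quote escaping the page names as a hurdle (which leaves the tags intact and so is not a fix), and the hardened version that HTML-encodes the decoded path before output. The request URIs are constructed sample values; the function names are chosen for this example.

```python
import html
from urllib.parse import unquote

# Constructed sample request targets (not from the original page): a harmless
# missing path, and one carrying the page's test payload percent-encoded as a
# browser would send it.
BENIGN_URI = "/file_which_not_exist"
TAINTED_URI = "/%3Cscript%3Ealert(%22TEST%22)%3C/script%3E"


def not_found_unsafe(request_uri: str) -> str:
    """Equivalent of the page's PHP handler: decode REQUEST_URI and echo it raw."""
    return "Not found: " + unquote(request_uri)


def not_found_backslashed(request_uri: str) -> str:
    """What the page's first caveat describes: double quotes are turned into \\"
    (as PHP's old magic_quotes did). Angle brackets pass through unchanged, so
    the script tag still reaches the browser; this is not a mitigation."""
    return "Not found: " + unquote(request_uri).replace('"', '\\"')


def not_found_safe(request_uri: str) -> str:
    """Hardened handler: decode, then HTML-encode (including quotes) before the
    value is placed in the HTML body. Encode at the output point, not on input."""
    return "Not found: " + html.escape(unquote(request_uri), quote=True)


def contains_raw_tag(rendered: str) -> bool:
    """Crude check used by this demo: is there a literal '<' left in the body
    that an HTML parser would start a tag from?"""
    return "<" in rendered


if __name__ == "__main__":
    for uri in (BENIGN_URI, TAINTED_URI):
        print("unsafe      :", not_found_unsafe(uri))
        print("backslashed :", not_found_backslashed(uri))
        print("safe        :", not_found_safe(uri))
        print()
```

Run stand-alone it prints the three renderings for both URIs; the point to take away is that only the `html.escape` version turns `<`, `>` and `"` into entities, so the decoded path is displayed as text rather than parsed as markup.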

Related Threat Agents

  • TBD

Related Attacks

Related Vulnerabilities

Related Controls