XSS in error pages

From OWASP
Revision as of 10:37, 29 May 2009 by Deleted user (Talk | contribs)




This page was marked to be reviewed for deletion.







Description

While creating dynamic web pages it is easy to make a mistake. If a generated page depends on data supplied by the client (e.g. the URI, HTTP headers, query parameters) and that data is not filtered or encoded properly before it is written into the HTML, the page can be exploited with an XSS technique. Error pages are a common place for this, because they often echo back the very request that caused the error.

Risk Factors

TBD


Examples

Example 1

Let's assume that we have an error page which handles requests for non-existing pages, a classic 404 error page. We may use the code below as an example to inform the user which page is missing:

<html>
<body>

<?php
// Reflects the requested path into the page unescaped: this is the XSS sink.
// urldecode() also undoes the percent-encoding browsers apply to characters such as < and >.
print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);
?>

</body>
</html>

Let's see how it works:

http://testsite.test/file_which_not_exist

In response we get:

Not found: /file_which_not_exist

Now we try to force the error page to include our code:

http://testsite.test/<script>alert("TEST");</script>

A browser normally sends the angle brackets and quotes percent-encoded (%3Cscript%3E ... %3C/script%3E), but urldecode() restores them before the string is printed, so the HTML the browser receives is:

Not found: /<script>alert("TEST");</script>

Visibly the page shows only "Not found: /" (a script element has no rendering of its own), and the alert pops up.

We have successfully injected the code: our XSS. What does it mean? The script runs in the victim's browser in the origin of testsite.test, so we may, for example, try to steal the user's cookies for that site (those not marked HttpOnly are readable from script) and send them to a server we control. Obstacles an attacker may run into with this technique are:

  • escaping of data entered by the user (e.g. the character " after escaping becomes \", which breaks a payload that relies on quotes),
  • the maximum length of the URI which the HTTP server will accept, which bounds the size of the injected script.
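As an added example (not code from the original OWASP page), the vulnerable handler from Example 1 is shown next to a hardened version that HTML-encodes the decoded path before printing it. Function names, the sample requests and the surrounding usage comments are illustrative assumptions; the fix itself is the standard htmlspecialchars() call for an HTML-body context.

```php
<?php
// Added example, not from the original page: the vulnerable 404 handler of
// Example 1 beside a hardened one. Names here are illustrative assumptions.

declare(strict_types=1);

// Vulnerable: decodes the raw request URI and prints it straight into HTML.
// A browser transmits /<script>alert("TEST");</script> as
// /%3Cscript%3Ealert(%22TEST%22);%3C/script%3E and urldecode() restores the
// tags, so the reflected text becomes live markup.
function vulnerable404(string $requestUri): string
{
    return "Not found: " . urldecode($requestUri);
}

// Hardened: still decode (so the user sees a readable path) but HTML-encode
// the result for the HTML-body context before it reaches the page.
// ENT_QUOTES also encodes ' and ", so the value stays safe inside attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function safe404(string $requestUri): string
{
    $shown = htmlspecialchars(urldecode($requestUri), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Not found: " . $shown;
}

// Constructed sample requests: a normal miss and the Example 1 payload as the
// browser actually transmits it (percent-encoded).
$samples = [
    '/file_which_not_exist',
    '/%3Cscript%3Ealert(%22TEST%22);%3C/script%3E',
];

foreach ($samples as $uri) {
    echo "raw URI : $uri\n";
    echo "vuln    : " . vulnerable404($uri) . "\n";
    echo "safe    : " . safe404($uri) . "\n\n";
}

// When used as a real handler, also pin the response charset so the browser
// cannot be steered into a different encoding, and send a real 404 status:
//   header('Content-Type: text/html; charset=UTF-8');
//   http_response_code(404);
//   echo '<html><body>' . safe404($_SERVER['REQUEST_URI']) . '</body></html>';
```

For the second sample, vulnerable404() returns the string with live <script> tags, while safe404() returns it with &lt;, &gt; and &quot; entities, so the browser displays the attacker's payload as text instead of executing it. Encoding at the output point (rather than trying to filter "dangerous" characters on input) is the fix that survives the URI-length and quote-escaping variations discussed above.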

Related Threat Agents

  • TBD

Related Attacks

Related Vulnerabilities

Related Controls