70-486 · Certification Test · Computer programming

XSS – Cross-Site Scripting

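Reflected XSS

In the query string, simply add something like msg=<script>alert('XSS')</script>. If the page writes the msg value back into the response without encoding it, the browser runs the script.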

Persistent XSS

A script that has been injected into the database. An example would be to add the script to a comment field, so that every time the list of comments is displayed the script is run. Or it could be embedded in an image file: new browsers won't display the image, but IE6 will.
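The reflected and persistent cases above share the same fix: HTML-encode untrusted values at the point they are written into the page. The following is an added example, not code from the original post or the referenced course; it uses System.Net.WebUtility.HtmlEncode, and the class name, method names and sample data are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

static class XssEncodingDemo
{
    // Vulnerable: the msg query-string value is concatenated into markup as-is,
    // so any tags it contains become part of the page.
    static string RenderMessageUnsafe(string msg) =>
        "<p class=\"msg\">" + msg + "</p>";

    // Hardened: encode at output time so markup characters are shown as text.
    static string RenderMessageSafe(string msg) =>
        "<p class=\"msg\">" + WebUtility.HtmlEncode(msg) + "</p>";

    // Persistent case: every stored comment is encoded each time the list is
    // rendered, so a script saved earlier is displayed rather than executed.
    static string RenderCommentsSafe(IEnumerable<string> storedComments)
    {
        var sb = new StringBuilder("<ul>");
        foreach (var comment in storedComments)
            sb.Append("<li>").Append(WebUtility.HtmlEncode(comment)).Append("</li>");
        return sb.Append("</ul>").ToString();
    }

    static void Main()
    {
        // Constructed sample input: the msg value from the reflected example above.
        string msg = "<script>alert('XSS')</script>";

        // Constructed sample rows standing in for a comments table (hypothetical data).
        var comments = new List<string> { "Nice post!", msg };

        Console.WriteLine("Unsafe : " + RenderMessageUnsafe(msg));
        Console.WriteLine("Safe   : " + RenderMessageSafe(msg));
        Console.WriteLine("Stored : " + RenderCommentsSafe(comments));
    }
}
```

In Razor views, `@value` applies this HTML encoding by default, and `Html.Raw` turns it off.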

DOM-Based + JSON + jQuery

 

References

Adam Tuliper’s Hack-proofing Your ASP.NET Web Applications
