Friday, February 15, 2019

Google.com Essay -- Technology, Vulnerabilities

iii famous real-world examples of first-order XSS vulnerabilities were discovered in Google.com 36, CBS News 37 and in ATutor 38. In 2005 Google.com website had XSS vulnerabilities that allowed violateers to stupefy legitimate subscribers of Googles services. Then, in 2006 CBS News published an official annunciation claiming that President Bush appointed a nine-year old boy to be the chairperson of the InfoSec Department. This was obviously a fake news. Recently, an XSS vulnerability was discovered in ATutor that allowed scripts to be injected into nearly every URL request parameter that eventually resulted in the result page to include the malicious scripts. 2.5.2 Stored XSS Stored XSS (aka Persistent or Type 2 or Second-Order) 32, 34, 35 occurs when a vulnerable Web performance accepts malicious code, stores it and later distributes it in response to a separate HTTP request. In contrast to reflected XSS, Type 2 XSS rather than getting immediately reflected to the user, the at tack payload is stored (in a database or in file system) and displayed to end-users in...

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.