XSS Post #2: Event Handlers & Breaking Out - Perspective Risk




Following on from my first blog post, hopefully you've now grasped the basics of XSS, so we can move on to some slightly more advanced areas. As mentioned in the previous post, we'll be covering event handlers today. We're also going to take a look at breaking out of HTML tags, as this is another essential part of exploiting XSS flaws and of web security testing in general!


Event Handlers

Event handler attributes tell the browser to run a piece of JavaScript in response to a specific event. An obvious example is onmouseover: when you hover your cursor over the element, the code attached to it is executed. So what will this line of code do?

<a onmouseover=alert('Boom')>Hey there</a>

That's right, when you move your cursor over the Hey there that's displayed on the page, an alert box will pop up.

From an XSS perspective, we can loosely categorise these event handlers into two types: those that require user interaction to trigger and those that don't. We will take a look at both below.


Example 1: Event Handlers that Require User Interaction


We can demonstrate this with the DOM-based XSS WebGoat example described in the previous blog post. We insert the onmouseover event handler string from above and, when we hover our mouse over the resulting link…


Boom! Pop-up time! Because the event handler keeps listening for its event, we do not need to refresh the page, as we would if we had used script tags. Note that we need the HTML <a> tags to give the handler an element to attach to; other tags, such as the <p> paragraph tag, work just as well.


Read full article from XSS Post #2: Event Handlers & Breaking Out - Perspective Risk

