Questions tagged [client-side-attacks]

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. -Source Wiki

56 questions
0 votes, 1 answer

Cross site attack warning each time I open Firefox

Each time I open Firefox, I get this error. I have NoScript installed. There also aren't any tabs open that have anything to do with this website. I tried clearing my cache and local content, but it still keeps coming. NoScript detected a potential…
0 votes, 1 answer

Use of '%' as wildcard with ESAPI security filter

We use an ESAPI security layer in our application. We also, by design, use a '%' character for wildcard searches passed from the browser side. This is a poor choice and has carried over as legacy design for easily constructing the SQL to run on the…
shasan
0 votes, 2 answers

web server: how does this request appear

I'm building a web server with Python-tornado. The server is to provide a kind of search service about all of the restaurants in some country. So the logic is quite simple: the user types a keyword and submits it on the web page, the server replies with some…
Yves
0 votes, 1 answer

OAuth 2.0 malicious interceptor on browser

I was going through the OAuth 2.0 protocol [1], along with the proof key RFC [2]. It explains well how the protocol protects against malicious apps listening to network traffic. However, I'm unable to understand how the OAuth 2.0 protocol protects…
Hrishi
0 votes, 0 answers

Javascript store client-side password across pages in memory

I am working on an app that encrypts the user's data with the user's password on the client side without sending/sharing the password to the server. The user needs to encrypt data across pages and I don't want to ask for the user's password each time that he needs to…
0 votes, 1 answer

XSS attack vectors

What are some common XSS vectors for websites aside from unsanitized input from text fields finding their way back into pages? Trying to prevent malicious access to CSRF tokens in cookies. I'm escaping unsafe characters from text inputs (probably…
0 votes, 0 answers

Javascript detect cached webpage

I am wondering whether it is possible to detect if a requested page has been cached before or not. Idea: When you visit a malicious webpage, the site redirects you (using ajax) to www.stackoverflow.com for example and checks if it is cached or not, with a…
A J
0 votes, 1 answer

DNS rebinding: how it works?

I've been doing some research on DNS rebinding attacks and I can't understand how the actual rebinding happens. The most helpful resource was this video by Robert Hansen. The one thing that I didn't quite understand: does the attacker have to own…
Dumitru
0 votes, 1 answer

HTML and Javascript Files Attacked

I have many JavaScript and HTML files on my IIS server. Some days ago, some strange code was injected into the files. Code below. /*ec8243*/ document.write('