
Security against XSS Attacks

Posted on 2015-02-03
Last Modified: 2015-10-29
This is a test of the file-upload security at E-E.  If the file-upload allows XSS attacks, this file should make that obvious.  Similarly, if the file-upload process is properly secured, this should be obvious, too.

Attached file: evil.php
Question by: Ray Paseur
3 Comments
 

Accepted Solution by: btan (earned 500 total points)
ID: 40588555
The good thing is that this test file and EE also make it non-"executable", as it always renders it as textual (non-binary) reading. So simply clicking just shows the text content of it. However, if the file is some executable (by default not allowed for upload), or the rendering engine has a vulnerability due to improper validation (e.g. buffer overflow), likely that can change the story... just some (wild) thoughts :)

Another example is clickjacking, using some sort of code like this:

<html>
  <head>
    <title>Clickjack test page</title>
  </head>
  <body>
    <!-- If the target renders inside this frame, it can be clickjacked -->
    <p>Website is vulnerable to clickjacking!</p>
    <iframe src="http://www.target.site" width="500" height="500"></iframe>
  </body>
</html>

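As an added example that is not part of the original thread or of E-E's own code, the Python script below checks the response headers that decide both outcomes discussed in the accepted solution: whether a stored upload such as evil.php is served as inert text or as something a browser would execute in the upload host's origin, and whether a page can be loaded in the clickjacking iframe above. The raw responses and header sets are constructed for illustration only; they are not real responses from experts-exchange.com or any other site, and the host names are hypothetical.

```python
"""Response-header checks for stored uploads and framing (added example).

Two questions from the thread above, answered from headers alone:
  1. Is an uploaded file such as evil.php served as inert text, or in a way
     a browser may execute in the upload host's origin (stored XSS)?
  2. Can the page be framed by a third-party site (the clickjacking test)?
All responses below are constructed for illustration; they are not the
real responses of experts-exchange.com or any other site.
"""

# MIME types a browser renders as active content (HTML, SVG, script).
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml", "text/javascript", "application/javascript",
}

# frame-ancestors sources that still let any site frame the page.
OPEN_FRAME_SOURCES = {"*", "http:", "https:"}


def parse_headers(raw):
    """Turn the header block of a raw HTTP response into a dict.
    The status line is skipped; the body (after the blank line) is ignored."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # lines[0] is the status line
        if not line.strip():
            break                   # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def get_header(headers, name):
    """Case-insensitive lookup; header names are case-insensitive in HTTP."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def upload_findings(headers):
    """List what is missing for a response that serves a user-uploaded file.
    An empty list means the file is delivered as an inert download."""
    findings = []
    ctype = get_header(headers, "Content-Type").split(";")[0].strip().lower()
    if not ctype:
        findings.append("no Content-Type: browser will sniff the body")
    elif ctype in ACTIVE_TYPES:
        findings.append(f"active type {ctype}: script in the file runs in this origin")
    if get_header(headers, "X-Content-Type-Options").lower() != "nosniff":
        findings.append("no X-Content-Type-Options: nosniff: body may be sniffed as HTML")
    if not get_header(headers, "Content-Disposition").lower().startswith("attachment"):
        findings.append("no Content-Disposition: attachment: file is rendered inline")
    if "sandbox" not in get_header(headers, "Content-Security-Policy").lower():
        findings.append("no CSP sandbox: no origin isolation if rendering does happen")
    return findings


def framable(headers):
    """True if nothing in the headers stops a cross-site <iframe>."""
    if get_header(headers, "X-Frame-Options").upper() in ("DENY", "SAMEORIGIN"):
        return False
    csp = get_header(headers, "Content-Security-Policy").lower()
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0] == "frame-ancestors":
            # 'none', 'self' or a host list restricts; only open sources do not
            return any(src in OPEN_FRAME_SOURCES for src in parts[1:])
    return True   # neither header present: the clickjack test page will work


# Constructed responses (hypothetical): three ways a site might serve evil.php
RAW_HTML_UPLOAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<script>alert(1)</script>"
RAW_TEXT_UPLOAD = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n<script>alert(1)</script>"
RAW_HARDENED_UPLOAD = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/octet-stream\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    'Content-Disposition: attachment; filename="evil.php"\r\n'
    "Content-Security-Policy: sandbox\r\n"
    "\r\n<script>alert(1)</script>"
)

# Constructed framing policies for the clickjacking test target (hypothetical)
TARGET_NO_POLICY = {"Content-Type": "text/html"}
TARGET_XFO = {"Content-Type": "text/html", "X-Frame-Options": "DENY"}
TARGET_CSP = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"}
TARGET_CSP_OPEN = {"Content-Security-Policy": "frame-ancestors *"}


def main():
    for label, raw in (("text/html", RAW_HTML_UPLOAD), ("text/plain", RAW_TEXT_UPLOAD),
                       ("hardened", RAW_HARDENED_UPLOAD)):
        found = upload_findings(parse_headers(raw))
        print(f"upload served as {label}: {'OK' if not found else ''}")
        for finding in found:
            print("  -", finding)
    for label, hdrs in (("no policy", TARGET_NO_POLICY), ("X-Frame-Options", TARGET_XFO),
                        ("CSP frame-ancestors", TARGET_CSP), ("frame-ancestors *", TARGET_CSP_OPEN)):
        print(f"target with {label}: framable={framable(hdrs)}")


if __name__ == "__main__":
    main()
```

The text/plain case is the one btan describes: the file is shown as text rather than run, but the script still flags the missing nosniff, attachment disposition and sandbox, because those are what keep a future change in content type, or a sniffing browser, from turning the same upload into stored XSS. For the clickjacking test, `framable()` returning True for a target means the iframe page above will render it.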
 

Author Closing Comment by: Ray Paseur
ID: 41144266
Thanks - time to close this and move on :-)
 

Expert Comment by: btan
ID: 41147048
Thanks Ray!
