Solved

Security against XSS Attacks

Posted on 2015-02-03
94 Views
Last Modified: 2015-10-29
This is a test of the file-upload security at E-E. If the file-upload allows XSS attacks, this file should make that obvious. Similarly, if the file-upload process is properly secured, this should be obvious, too.

Attachment: evil.php
Question by:Ray Paseur
3 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 40588555
Good thing is that this test file and EE also make it non-"executable", as it always renders it as textual (non-binary) reading. So simply clicking just shows the text content of it. However, if the file is some executable (by default not allowed for upload) or the rendering engine has a vulnerability due to improper validation (e.g. buffer overflow), likely that can change the story... just some (wild) thoughts :)

Another example is clickjacking, using some sort of code:
<html>
   <head>
     <title>Clickjack test page</title>
   </head>
   <body>
     <p>Website is vulnerable to clickjacking!</p>
     <iframe src="http://www.target.site" width="500" height="500"></iframe>
   </body>
</html>

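The defensive counterparts to the two points in this answer, as an added example (not code from the thread or from E-E): a check that decides whether a response could be framed the way the test page above tries, and the headers an application would send for an uploaded file such as evil.php so the browser never renders it as a page. The host names, the Python application and the simplified CSP handling are assumptions.

```python
import re
from typing import Dict

# Constructed sample responses for illustration; not headers captured from E-E.
NO_POLICY = {"Content-Type": "text/html"}
XFO_DENY = {"Content-Type": "text/html", "X-Frame-Options": "DENY"}
CSP_PARTNER = {
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",  # browsers ignore this once frame-ancestors is present
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://partner.example",
}


def framing_allowed(headers: Dict[str, str], embedder: str, target: str) -> bool:
    """True if a page at origin `embedder` may show the `target` response in an <iframe>.

    This is what the clickjacking test page checks by eye: if the target renders
    inside the frame, nothing forbids framing. A CSP frame-ancestors directive
    takes precedence over X-Frame-Options, as in browsers. Simplification:
    scheme-only and wildcard-host sources are not matched.
    """
    h = {k.lower(): v for k, v in headers.items()}
    embedder, target = embedder.lower(), target.lower()
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if not sources or "none" in sources:
                return False
            return any(s == "*" or s == embedder or (s == "self" and embedder == target)
                       for s in sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == target
    return True  # no framing policy at all: the test page would render the target


def upload_response_headers(filename: str) -> Dict[str, str]:
    """Headers for serving an uploaded file (like the evil.php in the question) so the
    browser downloads inert bytes instead of rendering or executing them."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    return {
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",  # forbid sniffing the body into text/html
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox; frame-ancestors 'none'",
        "X-Frame-Options": "DENY",
    }
```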
 
LVL 108

Author Closing Comment

by:Ray Paseur
ID: 41144266
Thanks - time to close this and move on :-)
 
LVL 61

Expert Comment

by:btan
ID: 41147048
Thanks Ray!
