RE: Detecting cross-site scripting attacks

From: Vinny Bedus (vbedusbitchangers.com)
Date: Wed May 14 2003 - 11:00:24 CDT


Cedar,
The problem that you would have with checking for the HTML is that you
might have a text area where you allow the user to enter in text
content. You would then be blocking the users from doing that.

Also, depending on how you are checking, XML posts might be a problem.

If you don't allow this type of access on your site, then it should not
be a problem.

Vinny
http://www.BitChangers.com/

-----Original Message-----
From: Cedar Moore [mailto:cedar1420yahoo.com]
Sent: Wednesday, May 14, 2003 10:32 AM
To: webappsecsecurityfocus.com
Subject: Re: Detecting cross-site scripting attacks

In-Reply-To: <97FD849ABD38514A9E4233C77E6DDD29322AFBcerberus.dns.co.uk>

Thanks for all the responses.

If you look at one of the possible cross-site scripting attacks.

http://legitimatesite.com/modules.php?username=bla<script>alert(document.cookie)</script>

Is it fine if we look at only the REQ portion of the packet to determine
if it is a cross-site scripting attack (by checking the <script> tags)?
I guess any valid HTTP REQUEST should not have <script> or any other
HTML tags in GET or POST request messages.

If that is the case can I write a signature in SNORT to look for <HTML
Tags> on port 80 in REQ direction and conclude that it is an invalid
request? Would there be any false positives?
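
The false positives raised in this thread, shown as an added example that is not part of the original messages: a naive "any tag in the request" check run over four constructed requests (the URL from the question, a text-area form post, an XML post, and a plain lookup). The paths `/comment.php` and `/api/order`, the field name `body`, and the regex are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Naive signature from the thread: any HTML/XML-looking tag in a request.
TAG = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9:-]*)[^>]*>")

# Constructed sample requests: (label, is_benign, raw request).
SAMPLES = [
    ("xss probe from the thread", False,
     "GET /modules.php?username=bla<script>alert(document.cookie)</script> HTTP/1.0\r\n"
     "Host: legitimatesite.com\r\n\r\n"),
    ("text area post", True,
     "POST /comment.php HTTP/1.0\r\nHost: legitimatesite.com\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     "body=I+like+%3Cb%3Ebold%3C%2Fb%3E+text"),
    ("XML post", True,
     "POST /api/order HTTP/1.0\r\nHost: legitimatesite.com\r\n"
     "Content-Type: text/xml\r\n\r\n"
     "<order><item>42</item></order>"),
    ("plain lookup", True,
     "GET /modules.php?username=bla HTTP/1.0\r\nHost: legitimatesite.com\r\n\r\n"),
]

def tags_in_request(raw):
    """Return tag names found in the request line and body (headers skipped)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    # Decode %XX and '+' so URL-encoded form fields are inspected as text.
    # Applied to every body here as a simplification, whatever its Content-Type.
    text = unquote_plus(request_line) + "\n" + unquote_plus(body)
    return [m.group(1).lower() for m in TAG.finditer(text)]

def evaluate(samples=SAMPLES):
    """Map each label to (alerted, false_positive)."""
    results = {}
    for label, benign, raw in samples:
        alerted = bool(tags_in_request(raw))
        results[label] = (alerted, alerted and benign)
    return results

if __name__ == "__main__":
    for label, (alerted, fp) in evaluate().items():
        print(f"{label:28} alert={alerted!s:5} false_positive={fp}")
```

The text-area and XML posts both alert although they are legitimate traffic, which is the false-positive case described in the reply; a site that accepts neither kind of input would not see them.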