The potency of an XSS vulnerability lies in the fact that the malicious code executes in the context of the victim’s session, allowing the attacker to bypass normal security restrictions.

A real case study of XSS through EXIF headers – 0xCC – Medium

If the victim clicks on the link, the HTTP request is initiated from the victim’s browser and sent to the vulnerable web application. The vulnerability was found in an image cache service for optimizing image size on mobile devices:

Looks like it was directly taken from the original URL, so we can spoof it to cheat the browser.

Nations across the world have joined the online environment thanks to training and awareness initiatives by their government. XSS vulnerabilities allow an attacker to execute arbitrary commands and display arbitrary content in a victim user’s browser. XSS is the most common security vulnerability in software today.


When a victim loads this page from www.


A malicious user notices that the web application fails to sanitize the username field and inputs malicious JavaScript code as part of their username. Impact of Cross-Site Scripting. Besides, I think cache services like this should better be served on a separate domain to keep harmful content away from user credentials.

Sharing and downloading activities using web applications have now become very common, not only ensuring the easy distribution of different types of files and documents but also enormously reducing the time and effort of users. An XSS vulnerability arises when web applications take data from users and dynamically include it in web pages without first properly validating the data.

This should not be the case as XSS is easy to find and easy to fix.

Local File Disclosure Vulnerability: A Case Study of Public-Sector Web Applications – IOPscience

Imran Ahmed et al J. This paper analyses the root cause of the LFD vulnerability, its exploitation techniques, and its impact on public-sector websites in Bangladesh by examining the use of a manual black-box testing approach. The application stores each o in a local database.


The malicious JavaScript is then reflected back to the victim’s browser, where it is executed in the context of the victim user’s session. In XSS attacks, the victim is the user and not the application.

When attackers succeed in exploiting XSS vulnerabilities, they can gain access to account credentials.

By crafting a search query looking something like this: I guess there must be some nodes misconfigured while others are not.