|
|
| |
|
|
|
|
|
|
| |
| Copyright © 2001,2002 eyeonsecurity
Inc., All Rights Reserved. No portions of eyeonsecurity
may be used without express, written permission
|
|
|
|
Extended
HTML Form Attack
A new Cross Site Scripting attack which effects
(at least) major browsers Internet Explorer and Opera. This one
makes use of forms targeted at non-HTTP services. This paper covers
the following points:
- A short description of the original HTML Form Attack paper
- An introduction to Cross site scripting
- Displaying HTML content from non-HTML supporting services (echo,
smtp etc)
- How attackers can exploit this issue - finding vulnerable servers
- Solutions to the problem described.
Download Paper (need pdf view eg.
acrobat reader)
View online version
|
