Three famous real-world examples of first-order XSS vulnerabilities were discovered in [36], CBS News [37] and ATutor [38]. In 2005 that website had XSS vulnerabilities that allowed attackers to impersonate legitimate subscribers of Google's services. Then, in 2006, CBS News published an official announcement claiming that President Bush had appointed a nine-year-old boy as chairperson of the InfoSec Department. This was obviously fake news. Recently, an XSS vulnerability was discovered in ATutor that allowed scripts to be injected into nearly every URL request parameter, so that the resulting response page included the malicious scripts.

2.5.2 Stored XSS

Stored XSS (aka Persistent, Type 2 or Second-Order XSS) [32, 34, 35] occurs when a vulnerable Web application accepts malicious code, stores it and later distributes it in response to a separate HTTP request. In contrast to reflected XSS, where the payload is immediately reflected back to the user, in Type 2 XSS the attack payload is stored (in a database or on the file system) and displayed to end-users in...
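The two-request structure of stored XSS (one request stores the input, a later, unrelated request renders it) is easy to see in code. The following is an added illustration, not code from the paper or from any of the applications it cites; it uses a Python list as a stand-in for the database, a constructed `<script>alert(1)</script>` payload, and `html.escape` as the hardening step, all of which are assumptions made here for the example. The vulnerable renderer concatenates the stored field into the page; the hardened renderer entity-encodes it for the HTML text context first.

```python
import html

# Constructed sample payload: harmless, but any markup stored verbatim
# and rendered unencoded would run in every later visitor's browser.
PAYLOAD = "<script>alert(1)</script>"


def submit_comment(store, author, body):
    """Request 1: the application accepts and persists user input verbatim.
    The store is a plain list standing in for a database table."""
    store.append({"author": author, "body": body})


def render_vulnerable(store):
    """Request 2 (vulnerable): stored fields are concatenated straight into
    HTML, so markup saved earlier becomes part of the page for every viewer."""
    rows = "".join(
        f"<li><b>{c['author']}</b>: {c['body']}</li>" for c in store
    )
    return f"<ul>{rows}</ul>"


def render_hardened(store):
    """Request 2 (hardened): every stored field is HTML-entity encoded for
    the context it lands in (HTML text), so the payload is shown as text."""
    rows = "".join(
        f"<li><b>{html.escape(c['author'])}</b>: {html.escape(c['body'])}</li>"
        for c in store
    )
    return f"<ul>{rows}</ul>"


def has_script_tag(rendered):
    """Crude check used only to contrast the two renderers: True if an
    unencoded <script tag opener survived into the rendered page."""
    return "<script" in rendered.lower()


def demo():
    """Run both requests against the same store and return both renderings."""
    store = []
    submit_comment(store, "alice", "Nice article!")   # benign comment
    submit_comment(store, "mallory", PAYLOAD)          # stored payload
    return render_vulnerable(store), render_hardened(store)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable:", vulnerable)
    print("hardened:  ", hardened)
    print("script tag survives:", has_script_tag(vulnerable), has_script_tag(hardened))
```

Note that `html.escape` is the correct encoding only for HTML text and quoted attribute values; a stored value placed inside a JavaScript string, a URL, or a CSS block needs the encoding of that context instead, which is why stored XSS reviews check every output location a persisted field reaches, not just the form that accepted it.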

