XSS Fragmentation Attacks

A newly released paper shows how a fragmentation attack can be used to cause web site that don’t filter out content too strictly to include arbitrary javascript which in turn can be used to cause a cross site scripting vulnerability. One such web site is of course MySpace.com.

The concept basically stems from the idea that if the web site looks for tags when it filters out content, then using broken tag content will render the filtering mechanism useless.

You can read more about this in the following link.

Share
  • http://www.BeyondSecurity.com noam

    [UPDATE] MySpace still appears to be vulnerable, entry points being SPAN, OBJECT, and DIV

  • http://prozacville.com Prozacgod

    Sheesh, ever seen how broken myspace pages are? Now the poor kids are going to at least have to balance their tags…

    You know when myspace fixes this. Someone is going to have to deal with a lot of pissed off ‘emo’ kids.

  • Pingback: Tramadol online ehop.