Tuesday, March 26, 2019
Google.com Essay -- Technology, Vulnerabilities
Three famous real-world examples of first-order XSS vulnerabilities were discovered in Google.com [36], CBS News [37] and ATutor [38]. In 2005 the Google.com website had XSS vulnerabilities that allowed attackers to impersonate legitimate subscribers of Google's services. Then, in 2006, CBS News published an official announcement claiming that President Bush had appointed a nine-year-old boy to be the chairperson of the InfoSec Department. This was obviously fake news. Recently, an XSS vulnerability was discovered in ATutor that allowed scripts to be injected into nearly every URL request parameter, which eventually caused the resulting page to include the malicious scripts.

2.5.2 Stored XSS

Stored XSS (aka Persistent, Type 2 or Second-Order) [32, 34, 35] occurs when a vulnerable Web application accepts malicious code, stores it and later distributes it in response to a separate HTTP request. In contrast to reflected XSS, in Type 2 XSS the attack payload is not immediately reflected to the user; instead it is stored (in a database or in the file system) and displayed to end-users in...
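The store-then-serve flow described in the stored XSS definition above, as an added example that is not part of the original essay. The comment store, function names and sample comments are constructed for illustration; the two "requests" are modelled as plain function calls.

```python
import html

# Constructed in-memory store standing in for the application's database.
COMMENTS = []

def post_comment(author, body):
    """Request 1: the application accepts input and stores it unchanged."""
    COMMENTS.append({"author": author, "body": body})

def render_page_vulnerable():
    """Request 2 (any later visitor): stored text is placed into HTML as-is."""
    items = "".join(
        "<li><b>%s</b>: %s</li>" % (c["author"], c["body"]) for c in COMMENTS
    )
    return "<ul>%s</ul>" % items

def render_page_hardened():
    """Same page, but every stored value is HTML-encoded at output time."""
    items = "".join(
        "<li><b>%s</b>: %s</li>"
        % (html.escape(c["author"], quote=True), html.escape(c["body"], quote=True))
        for c in COMMENTS
    )
    return "<ul>%s</ul>" % items

def contains_active_markup(page):
    """Crude check for this demo: did a stored value survive as a live tag?"""
    return "<script" in page.lower()

def demo():
    """Store two constructed comments, then render both variants of the page."""
    COMMENTS.clear()
    post_comment("alice", "Nice article!")
    # Constructed, harmless marker value used only to show the difference.
    post_comment("mallory", "<script>alert(1)</script>")
    return render_page_vulnerable(), render_page_hardened()

if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable page serves live tag:", contains_active_markup(vulnerable))
    print("hardened page serves live tag:  ", contains_active_markup(hardened))
    print(hardened)
```

Encoding is applied when the value is written into the page rather than when it is stored, so data that entered storage before the fix is also rendered inert.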