Biblio
Filters: Keyword is Cross-site Scripting Attacks [Clear All Filters]
.
2019. An Automated Composite Scanning Tool with Multiple Vulnerabilities. 2019 IEEE 3rd Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC). :1060–1064.
In order to effectively do network security protection, detecting system vulnerabilities becomes an indispensable process. Here, the vulnerability detection module with three functions is assembled into a device, and a composite detection tool with multiple functions is proposed to deal with some frequent vulnerabilities. The tool includes a total of three types of vulnerability detection, including cross-site scripting attacks, SQL injection, and directory traversal. First, let's first introduce the principle of each type of vulnerability; then, introduce the detection method of each type of vulnerability; finally, detail the defenses of each type of vulnerability. The benefits are: first, the cost of manual testing is eliminated; second, the work efficiency is greatly improved; and third, the network is safely operated in the first time.
.
2019. XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities. 2019 3rd Cyber Security in Networking Conference (CSNet). :142–149.
QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in APP Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack to the users of the university who through a flyer with a QR code and a fictional link accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attacks, so also, with our proposal, an attack executed in the universities using the Beef software would be totally blocked.
.
2017. Cross-site Scripting Attacks on Android Hybrid Applications. Proceedings of the 2017 International Conference on Cryptography, Security and Privacy. :56–61.
Hybrid mobile applications are coded in both standard web languages and native language. The including of web technologies results in that Hybrid applications introduce more security risks than the traditional web applications, which have more possible channels to inject malicious codes to gain much more powerful privileges. In this paper, Cross-site Scripting attacks specific to Android Hybrid apps developed with PhoneGap framework are investigated. We find out that the XSS vulnerability on Hybrid apps makes it possible for attackers to bypass the access control policies of WebView and WebKit to run malicious codes into victim's WebView. With the PhoneGap plugins, the malicious codes can steal user's private information and destroy user's file system, which are more damaging than cookie stealing.