9 Web Applications
data, the database can be a conduit for attacks. Without proper input validation on all data stored in the database, an attacker can execute malicious commands in the user's Web browser. This form of vulnerability is called stored cross-site scripting. Because the application stores the malicious content, there is a possibility that a single attack will affect multiple users without any action on their part. This means that teaching users not to click on links from untrusted sources will do nothing to prevent this sort of attack. On a historical note, XSS got its start this way, with Web sites that offered a guestbook to visitors. Attackers would include JavaScript in their guestbook entries, and all subsequent visitors to the guestbook page would execute the malicious code.

The application that stores the malicious data in the database might not be the same one that retrieves it. This is particularly nasty because different front-end applications could have different interfaces or use different communication protocols. Each application might do appropriate input validation in its own context, but by connecting the different applications to the same data store, the whole system can become vulnerable. Figure 9.5 illustrates one such scenario.
[Figure 9.5: Attacker, Application 1, Database, Application 2, Victim]
1. Attacker sends malicious data to Application 1.
2. Application 1 writes malicious data to database.
3. Application 2 reads malicious data from database.
4. Application 2 delivers attack to victim.
Figure 9.5 Stored cross-site scripting can involve multiple applications
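The scenario in Figure 9.5, as an added example that is not code from the book: two applications share one in-memory array standing in for the database. Application 1 validates entries in a way that is appropriate for its own context (a length check, because it only ever shows entries as plain text); Application 2 renders the same rows as HTML. The vulnerable renderer trusts the stored data; the hardened one HTML-encodes every value at the point of output, regardless of who validated it on the way in. The function names (app1StoreEntry, app2RenderVulnerable, app2RenderSafe, escapeHtml) and the guestbook entries are constructed for this example.

```javascript
// Added example: stored XSS across two applications sharing one data store,
// and output encoding in the consuming application as the fix.
// Not code from the book; all names and data are constructed.

// Constructed in-memory stand-in for the shared database.
const db = [];

// Application 1 stores guestbook entries. Its validation is appropriate for
// its own context (it only ever shows entries as plain text), so it checks
// length and nothing else. That is reasonable for Application 1 and still
// leaves every other consumer of the table exposed.
function app1StoreEntry(author, message) {
  if (author.length > 40 || message.length > 500) {
    throw new Error('entry too long');
  }
  db.push({ author, message });
  return db.length;
}

// Application 2 renders the same rows as HTML. The vulnerable version trusts
// "validated" data from the database and interpolates it directly.
function app2RenderVulnerable() {
  return db.map(e => `<li><b>${e.author}</b>: ${e.message}</li>`).join('\n');
}

// HTML-encode the five characters that matter in element content and in
// double-quoted attribute values. Ampersand goes first so that the entities
// produced by the later replacements are not re-encoded.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened version: every value from the data store is encoded for the HTML
// context at the point of output. Whether Application 1 validated the data
// is irrelevant here; Application 2 owns the rendering context.
function app2RenderSafe() {
  return db
    .map(e => `<li><b>${escapeHtml(e.author)}</b>: ${escapeHtml(e.message)}</li>`)
    .join('\n');
}

// True when the rendered HTML still contains a script element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed guestbook: one benign visitor and one entry carrying a script
// element, modelled on the guestbook attacks described in the text.
function demo() {
  db.length = 0;
  app1StoreEntry('visitor', 'Nice site!');
  app1StoreEntry('attacker', '<script>alert(1)</script>');
  return { vulnerable: app2RenderVulnerable(), safe: app2RenderSafe() };
}

const result = demo();
console.log('Application 2, vulnerable render:\n' + result.vulnerable);
console.log('Application 2, hardened render:\n' + result.safe);
```

The point of the split into two applications is that the length check in app1StoreEntry is not wrong; it is simply not a defence for Application 2's HTML context, so the encoding has to live in app2RenderSafe, where the output context is known.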
Input and Output Validation for the Web
The First XSS Worm
The first self-propagating cross-site scripting attack we are aware of hit the MySpace Web site in 2005. The user samy took advantage of a stored cross-site scripting vulnerability so that any MySpace users who viewed his profile would automatically add him to their own profile. In the end, MySpace had to go completely offline to clean up the mess. Samy wrote a detailed explanation of the way he bypassed the MySpace defenses [samy, 2005]. It illustrates a variety of techniques for exploiting cross-site scripting vulnerabilities, and it is a perfect example of a failed attempt at blacklisting. Samy wrote the following:

1. MySpace blocks a lot of tags. In fact, they only seem to allow <a>, <img>s, and <div>s, maybe a few others (<embed>s, I think). They wouldn't allow <script>s, <body>s, onClicks, onAnythings, hrefs with JavaScript, etc.
However, some browsers (IE, some versions of Safari, others) allow JavaScript within CSS tags. We needed JavaScript to get any of this to even work. Example:

<div style="background:url('javascript:alert(1)')">
2. We couldn't use quotes within the div because we had already used up single quotes and double quotes already. This made coding JS very difficult. In order to get around it, we used an expression to store the JS and then executed it by name. Example:
<div id="mycode" expr="alert('hah!')" style="background:url('javascript:eval(document.all.mycode.expr)')">
3. Sweet! Now we can do JavaScript with single quotes. However, MySpace strips out the word javascript from anywhere. To get around this, some browsers will actually interpret java\nscript as javascript (that's java<NEWLINE>script). Example:
<div id="mycode" expr="alert('hah!')" style="background:url('java
script:eval(document.all.mycode.expr)')">
4. Okay, while we do have single quotes working, we sometimes need double quotes. We'll just escape quotes, e.g., foo\"bar. MySpace got me; they strip out all escaped quotes, whether single or double. However, we can just convert decimal to ASCII in JavaScript to actually produce the quotes. Example:
<div id="mycode" expr="alert('double quote: ' + String.fromCharCode(34))" style="background:url('java
script:eval(document.all.mycode.expr)')">
5. In order to post the code to the user's profile who is viewing it, we need to actually get the source of the page. Ah, we can use document.body.innerHTML in order to get the page source, which includes, in only one spot, the ID of the user viewing the page. MySpace gets me again and strips out the word innerHTML anywhere. To avoid this, we use an eval() to evaluate two strings and put them together to form "innerHTML". Example:
alert(eval('document.body.inne' + 'rHTML'));
6. Time to actually access other pages. We would use iframes, but usually (even when hidden), iframes aren't as useful and are more obvious to the user that something else is going on. So we use XML-HTTP in order for the actual client to make HTTP GETs and POSTs to pages. However, MySpace strips out the word
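To make the blacklisting lesson of this sidebar concrete, here is an added example that is neither the book's code nor MySpace's actual filter. blacklistFilter models the rules Samy describes in items 1 through 5 (strip <script> and <body> tags, on* handlers, the words javascript and innerHTML, and escaped quotes), and the sample strings are the page's own examples. The blacklist removes the plain javascript: URL but returns the java<NEWLINE>script, String.fromCharCode and 'inne' + 'rHTML' variants unchanged. The contrasting isSafeLinkTarget is an allowlist: it parses a link or image target with the WHATWG URL parser, which, like browsers, discards tab and newline characters before reading the scheme, and accepts only http and https. The base origin guestbook.example is a placeholder, and all function names are constructed for this example.

```javascript
// Added example: a blacklist modelled on the rules described in the sidebar,
// the page's own sample strings run through it, and an allowlist check for
// link targets that does not share the blacklist's weakness.
// Not the book's code and not MySpace's filter; all names are constructed.

// Blacklist modelled on Samy's description. Each rule looks for a specific
// string, which is exactly why a variant spelling slips past it.
function blacklistFilter(html) {
  return html
    .replace(/<\/?(script|body)\b[^>]*>/gi, '') // item 1: no <script>, <body>
    .replace(/\son\w+\s*=/gi, ' ')              // item 1: no on* handlers
    .replace(/javascript/gi, '')                // item 3: strip the word javascript
    .replace(/innerHTML/g, '')                  // item 5: strip the word innerHTML
    .replace(/\\["']/g, '');                    // item 4: strip escaped quotes
}

// The page's own examples. In a template literal, \n is a real newline, so
// splitJavascriptUrl carries java<NEWLINE>script exactly as item 3 describes.
const SAMPLES = {
  plainJavascriptUrl:
    `<div style="background:url('javascript:alert(1)')">`,
  splitJavascriptUrl:
    `<div id="mycode" expr="alert('hah!')" style="background:url('java\nscript:eval(document.all.mycode.expr)')">`,
  charCodeQuote:
    `<div id="mycode" expr="alert('double quote: ' + String.fromCharCode(34))" style="background:url('java\nscript:eval(document.all.mycode.expr)')">`,
  splitInnerHtml:
    `alert(eval('document.body.inne' + 'rHTML'));`,
};

// True when the blacklist returned its input unchanged, i.e. it found nothing
// to remove and the markup would reach the page as written.
function blacklistPassesUnchanged(sample) {
  return blacklistFilter(sample) === sample;
}

// Allowlist for a link or image target. The WHATWG URL parser (Node's global
// URL) removes ASCII tab and newline from the input before parsing, so the
// java<NEWLINE>script spelling is recognised as the javascript: scheme and is
// rejected like any other scheme outside the allowlist. Relative references
// resolve against a constructed base origin.
const BASE_ORIGIN = 'https://guestbook.example/'; // placeholder, not a real site

function isSafeLinkTarget(value) {
  let url;
  try {
    url = new URL(value, BASE_ORIGIN);
  } catch (e) {
    return false; // unparseable input is rejected rather than guessed at
  }
  return url.protocol === 'http:' || url.protocol === 'https:';
}

// Summary of how each sample fares against the blacklist.
function blacklistReport() {
  const report = {};
  for (const [name, sample] of Object.entries(SAMPLES)) {
    report[name] = blacklistPassesUnchanged(sample) ? 'passed unchanged' : 'altered';
  }
  return report;
}

console.log('Blacklist results:', blacklistReport());
console.log('Allowlist on javascript:alert(1):', isSafeLinkTarget('javascript:alert(1)'));
console.log('Allowlist on java<NEWLINE>script:alert(1):', isSafeLinkTarget('java\nscript:alert(1)'));
console.log('Allowlist on /profile?id=1:', isSafeLinkTarget('/profile?id=1'));
```

An allowlist policy that permits only <a>, <img> and <div>, checks href and src with isSafeLinkTarget, and drops style and unknown attributes such as expr never has to reason about CSS url() or split keywords at all, which is the practical difference between rejecting what you do not understand and trying to enumerate what you fear.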