Cross-Site Scripting Explained – Part 8: Javascript String Injection

Author: Jeremy Druin Twitter: @webpwnized Description: Exploiting XSS using injections which land in JavaScript strings is one of the more potent attacks. These are sometimes over looked since most injections land in HTML context rather than JavaScript strings. While not as common, injections landing in JavaScript strings should be patched quickly since injections can be performed without the need to inject HTML tags. The software used in the video is the OWASP Mutillidae II Web Pen-Test Practice Application. Mutillidae is available for download at Updates about Mutillidae are tweeted to @webpwnized along with annoucements about video releases. Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking “S

It's only fair to share...Tweet about this on TwitterShare on FacebookShare on TumblrShare on Google+Digg thisShare on LinkedInPin on PinterestShare on VKShare on RedditPrint this pageEmail this to someone
Flattr the authorShare on StumbleUponShare on YummlyBuffer this page

Leave a Reply

Your email address will not be published. Required fields are marked *