A new type of cross-site scripting (XSS) attack that exploits commonly used
network administration tools could be putting users' data at risk, a researcher
says.

Tyler Reguly, lead security research engineer at nCircle, today published a
white paper outlining a new category of attack called "meta-information XSS" (miXSS),
which works differently than other forms of the popular attack method -- and
could be difficult to detect.

"Think about those network administration utilities that so many webmasters
and SMB administrators rely on -- tools that perform a whois lookup, resolve DNS
records, or simply query the headers of a Web server," the white paper states. "They're
taking the meta-information provided by various services and displaying it
within the rendered Website.

"These Web-based services introduce a class of XSS that can't be captured by
the current categories."
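
The pattern the white paper describes, sketched for a header-lookup tool, as an added example that is not code from the white paper or from nCircle: the function names and the sample response are constructed for illustration. The tool fetches header values from a server it does not control; writing them into the page as-is lets the remote party supply markup, while HTML-escaping every remote-supplied field renders them as inert text.

```python
import html

# Constructed sample: the raw response head a header-lookup tool might
# receive from a remote server it does not control.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache<script>alert(1)</script>\r\n"
    "X-Powered-By: PHP/5.2 & \"mods\"\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Split a raw response head into (name, value) pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip(), value.strip()))
    return pairs


def render_unsafe(pairs):
    """Vulnerable pattern: remote meta-information concatenated into markup."""
    rows = "".join("<tr><td>%s</td><td>%s</td></tr>" % (n, v) for n, v in pairs)
    return "<table>" + rows + "</table>"


def render_safe(pairs):
    """Hardened pattern: every remote-supplied field is HTML-escaped first."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td></tr>"
        % (html.escape(n, quote=True), html.escape(v, quote=True))
        for n, v in pairs
    )
    return "<table>" + rows + "</table>"


if __name__ == "__main__":
    parsed = parse_headers(SAMPLE_RESPONSE)
    print(render_unsafe(parsed))
    print(render_safe(parsed))
```

The same escaping applies to whois fields and DNS record contents, since each is text chosen by whoever controls the queried resource.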
