Security Now 86

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 86

Security Now 86: Cross Site Scripting Part 2

News & Errata

Cross Site Scripting Part 2

32:20 - 56:52

  • You can place script tags in input you provide and the website will then display this content (if it doesn't sanitize input properly)
  • When other users visit the site their browser will execute your script
    • You could for example send a users cookie to a malicious server
    • This would allow session hijacking

  • You can try to bypass the server sanitation functions with things like using Unicode characters

Production Information

  • Edited by:
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.