This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

File:20160607-xssi-the tale of a fameless but widepsread vulnerability-Veit Hailperin.pdf


"XSSI - The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin

Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally, there is no publicly available tool to facilitate finding XSSI. The impact ranges from leaking stored personal information and circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly widespread, and the lack of detection increases the risk of each XSSI. In this talk I am going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI exploitation.

File history


Date/Time: current, 06:30, 29 June 2016
Dimensions: (2.01 MB)
User: Schattenbaum
Comment: "XSSI - The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion...