On Sun, Mar 2, 2014 at 11:21 PM, Nick Gleason <[email protected]> wrote:

>
> Hi guys,
>
> Following up on this thread I have a related question - what are some
> examples of XSS scenarios other than comments and forum posts?
> Any other prominent risk scenarios for XSS?
>

There are a lot of scenarios, essentially anywhere you output a variable
that originated in some part from an external source.

So for example, let's say you have a search form for your site with some
code like this:

<cfoutput>Your search for #url.query# returned #search.recordcount#
results</cfoutput>

There is an XSS risk there because someone could create a link to
/search.cfm?query=<script>alert('xss')</script> (now if you try that
example in a modern browser you will find that it might not actually work
due to the built-in XSS protection in browsers, but the hole is there and
there are ways to bypass the browser's XSS protection).

So basically any time you take a variable that comes from the user or some
other untrusted source and output it, you have the potential for an XSS
hole.

Also you should check out Content-Security-Policy headers; this can help
reduce XSS risks significantly on browsers that support it. See:
http://content-security-policy.com/ for more info or come to my
cf.Objective(2014) presentation :)


--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting & Products
http://hackmycf.com - Is your ColdFusion Server Secure?
http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes
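An added example (not from the original thread) showing the search page from the reply with its untrusted output encoded and the Content-Security-Policy header Pete mentions. It assumes ColdFusion 10 or later, where encodeForHTML() and encodeForHTMLAttribute() exist, and uses a constructed empty query in place of a real search.

```cfml
<!--- Added example, not from the original thread. Assumes CF10+ for the
      encodeFor*() functions. "search" is a constructed stand-in query so the
      page runs without a database. --->
<cfparam name="url.query" default="">
<cfset search = queryNew("id,title")>

<!--- Send the CSP header before any output. Scripts may only load from this
      origin, so an injected inline <script> is refused by supporting browsers
      even if an encoding call is missed somewhere on the page. --->
<cfheader name="Content-Security-Policy"
          value="default-src 'self'; script-src 'self'">

<!--- VULNERABLE form from the reply, kept commented out: url.query is echoed
      into the HTML body unchanged, so markup in the query string is rendered.
      <cfoutput>Your search for #url.query# returned #search.recordcount#
      results</cfoutput> --->

<!--- HARDENED: encode for the context the value lands in. encodeForHTML()
      turns < > & " ' into entities so the browser displays the text literally;
      a value placed inside an attribute gets encodeForHTMLAttribute() instead. --->
<cfoutput>
<p>Your search for #encodeForHTML(url.query)# returned
   #search.recordcount# results</p>
<form action="search.cfm" method="get">
  <input type="text" name="query" value="#encodeForHTMLAttribute(url.query)#">
  <input type="submit" value="Search">
</form>
</cfoutput>
```

With this in place, a query of `<script>alert('xss')</script>` is shown on the page as plain text rather than executed, and the CSP header acts as a second layer if a raw output slips through elsewhere.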


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357812
