473,399 Members | 2,278 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > cross-site scripting basic sample

Join Bytes to post your question to a community of 473,399 software developers and data experts.

Cross-Site Scripting basic sample

Hi!

I just read in "Writing Secure Code" book a chapter about Cross-Site
Scripting.
Here the relevant paragraph:

This is bad because a malicious user could access another's important
data, such as their cookies.
I bet you've seen ASP code like this before:
Hello,  
<%
Response.Write(Request.Querystring("name"))
%>

This code will write out to the browser whatever is in the name field
in the querystring, for example:
www.hexair-sample-13.com/req.asp?name=Blake

So, that seems fine and secure, but what if an attacker can convince a
user to click on this link, for example on a Web page, a newsgroup or
an e-mail message? That doesn't seem like a big deal, until you
realize that an attacker could have the unsuspecting user click on
this link:
<a href=www.hexair-sample-13.com/req/asp?name=scriptcode>Click here to
win $1,000,000</a>

My question is:

Suppouse I have the following code which I want to put in "scriptcode"
variable.
<script>x=document.cookie; alert(x); </script></scriptcode>

I created the HTML page as follows:

<HTML>
<BODY>
<a href=http://localhost/Sec/sample.asp?name=scriptcode> Click
Here</a>
</BODY>
</HTML>
Where and how I put my scriptcode ?
All this just for educational reasons...

Thanks a lot !
Jul 19 '05 #1
0 1697
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
cross posting vs. multi posting ( both *APPEAR* to be widely accepted )
by: * ProteanThread * | last post by:
but depends upon the clique: ...
HTML / CSS
3
Red Cross bizarre problem.
by: rollasoc | last post by:
Hi, Doing a bit of system testing on a Windows 98 laptop. (.Net 1.1 app). Did a bit of testing. Loaded a previously saved file. A gray box appeared with the text and buttons all white...
.NET Framework
4
Suppress Zero values in a Cross Tab report
by: David Peach | last post by:
Hello, hope somebody here can help me... I have a query that lists defects recorded in a user defined date range. That query is then used as the source for a Cross Tab query that cross-tabs count...
Microsoft Access / VBA
23
How do I: Main thread spawn child threads, which child processes...control those child processes?
by: Jeff Rodriguez | last post by:
Here's what I want do: Have a main daemon which starts up several threads in a Boss-Queue structure. From those threads, I want them all to sit and watch a queue. Once an entry goes into the...
C / C++
8
BackGroundWorker.ProgressChanged "Cross-thread operation not valid" at 2nd/3th/... progress
by: Pieter | last post by:
Hi, I'm having some weird problem using the BackGroundWorker in an Outlook (2003) Add-In, with VB.NET 2005: I'm using the BackGroundWorker to get the info of some mailitems, and after each item...
.NET Framework
3
Detecting cross-apartment COM calls?
by: jlamanna | last post by:
I was wondering if there was a utility that could tell you when your C# application is making cross-apartment COM calls. I have a fairly large application that makes extensive use of a 3rd party...
C# / C Sharp
1
using a cross-tab query in a report...
by: Rob Woodworth | last post by:
Hi, I'm having serious problems getting my report to work. I need to generate a timesheet report which will contain info for one employee between certain dates (one week's worth of dates). I...
Microsoft Access / VBA
6
Cross product of arrays
by: Robert Bravery | last post by:
Hi all, Can some one show me how to achieve a cross product of arrays. So that if I had two arrays (could be any number) with three elements in each (once again could be any number) I would get:...
C# / C Sharp
7
Cross-platform C++ programming
by: Charles | last post by:
I'd like to develop a simple cross-platform application in C++. I'd like it to run in Windows, OS X, PC-BSD and Linux. From my research, it seems I should use Qt or Gtk as a graphical library. Do...
C / C++
6
Synchronous Cross-Domain Request without Proxy
by: Simon | last post by:
Hi All, An experiment i'm doing requires requires a synchronous cross-domain request, without using a proxy. I wondered if anyone had any ideas to help me achieve this. Below is what I have...
Javascript
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!