FAQ по html-Injection

Discussion in 'Уязвимости' started by Qws, 5 Apr 2009.

  1. Qws

    Qws Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    46
    Likes Received:
    57
    Reputations:
    5
    Дайте пожалуйста подробний фак по этом виде уязвимостей.Или обясните как находить inj подобного типа.Пасиба.
     
    #1 Qws, 5 Apr 2009
  2. DimOnOID

    DimOnOID Banned

    Joined:
    5 Dec 2006
    Messages:
    407
    Likes Received:
    126
    Reputations:
    4
    Не существует таких....или ты про XSS?.
     
    #2 DimOnOID, 5 Apr 2009
  3. иддкд

    иддкд Banned

    Joined:
    27 Mar 2009
    Messages:
    21
    Likes Received:
    31
    Reputations:
    0
    http://www.cgisecurity.com/questions/htmlinjection.shtml
    :(
     
    #3 иддкд, 5 Apr 2009
    2 people like this.
  4. Karantin

    Karantin Elder - Старейшина

    Joined:
    21 Dec 2007
    Messages:
    330
    Likes Received:
    146
    Reputations:
    24
    #4 Karantin, 5 Apr 2009
    6 people like this.
  5. иддкд

    иддкд Banned

    Joined:
    27 Mar 2009
    Messages:
    21
    Likes Received:
    31
    Reputations:
    0
    +5
     
    #5 иддкд, 5 Apr 2009
  6. Qws

    Qws Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    46
    Likes Received:
    57
    Reputations:
    5
    ОГоспади... если так,то обясните:

    Есть ли разница между xss html-inj?
     
    #6 Qws, 5 Apr 2009
  7. иддкд

    иддкд Banned

    Joined:
    27 Mar 2009
    Messages:
    21
    Likes Received:
    31
    Reputations:
    0
    нет
     
    #7 иддкд, 5 Apr 2009
  8. eLWAux

    eLWAux Elder - Старейшина

    Joined:
    15 Jun 2008
    Messages:
    860
    Likes Received:
    616
    Reputations:
    211
    htmlInjection == xss

    ↑ http://www.securitylab.ru/analytics/275087.php
    ↑ По данным securitylab.ru 15,37 % за второй квартал 2008 и 16,57 % за первый квартал 2008
    ↑ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0902 (англ.)
    ↑ http://seclists.org/bugtraq/2002/May/0243.html (англ.)
    ↑ http://old.antichat.ru/txt/utf7/
    ↑ http://openmya.hacker.jp/hasegawa/security/utf7cs.html (англ.)
    ↑ http://eyeonsecurity.org/papers/flash-xss.htm (англ.)
    ↑ http://www.securitylab.ru/analytics/274302.php
     
    #8 eLWAux, 5 Apr 2009
  9. Chaak

    Chaak Elder - Старейшина

    Joined:
    1 Jun 2008
    Messages:
    1,059
    Likes Received:
    1,067
    Reputations:
    80
    XSS - Html -injection
    P.S Возможно имеется ввиду еще и XPath Injection(xml-injection) , когда производятся инъекции в базы данных на xml (???)
     
    #9 Chaak, 5 Apr 2009
    2 people like this.
  10. Qws

    Qws Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    46
    Likes Received:
    57
    Reputations:
    5
    Нет,не то.
     
    #10 Qws, 5 Apr 2009
  11. Qws

    Qws Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    46
    Likes Received:
    57
    Reputations:
    5
    http://www.xakep.ru/magazine/xs/075/030/1.asp

    Вот это меня поподробнее интересует.
     
    #11 Qws, 5 Apr 2009
  12. edge911

    edge911 Active Member

    Joined:
    21 Feb 2009
    Messages:
    105
    Likes Received:
    142
    Reputations:
    15
    http://forum.antichat.ru/thread20140.html :)

     
    #12 edge911, 5 Apr 2009
    1 person likes this.
  13. попугай

    попугай Elder - Старейшина

    Joined:
    15 Jan 2008
    Messages:
    1,520
    Likes Received:
    401
    Reputations:
    196
    Суровые челябинские хакеры, которые никогда не пользовались хакерским софтом, а ломали html голыми руками
     
    #13 попугай, 5 Apr 2009
    1 person likes this.
  14. edge911

    edge911 Active Member

    Joined:
    21 Feb 2009
    Messages:
    105
    Likes Received:
    142
    Reputations:
    15
    как мило..
     
    #14 edge911, 5 Apr 2009
(You must log in or sign up to post here.)
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.