Cross-Site Scripting Explained – Part 8: Javascript String Injection
iSpeech.org
Author: Jeremy Druin
Twitter: @webpwnized
Description: Exploiting XSS using injections which land in JavaScript strings is one of the more potent attacks. These are sometimes over looked since most injections land in HTML context rather than JavaScript strings. While not as common, injections landing in JavaScript strings should be patched quickly since injections can be performed without the need to inject HTML tags.
The software used in the video is the OWASP Mutillidae II Web Pen-Test Practice Application. Mutillidae is available for download at http://sourceforge.net/projects/mutillidae/. Updates about Mutillidae are tweeted to @webpwnized along with annoucements about video releases. Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized!
The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covers. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.
2013-06-30 17:51:17
source
Gloss