TUCoPS :: HP Unsorted E :: va3036.htm

Evading Web XSS Filters with Microsoft Word - WAPT Perspective
Evading Web XSS Filters with Microsoft Word - WAPT Perspective
Evading Web XSS Filters with Microsoft Word - WAPT Perspective



Hi

This paper exposes a new attack vector of testing web applications
having upload functionality.
It enhances the web application penetration testing perspective by
demonstrating a new way to
produce XSS in the web applications when a word document is rendered
directly in the browser.
This attack has been tested on number of enterprise web applications and
is successfully triggered.
The vendor have been given advisories in relation to this attack vector.
It works fine with custom
designed web applications in distributed environment.

Some time enhanced functionality in software leads to generation of new
attack vectors.

You can download the paper at:

http://www.secniche.org/paper.html 
http://www.secniche.org/papers/SNS_09_01_Evad_Xss_Filter_Msword.pdf 

Regards
Aditya K Sood
Founder , SecNiche Security
http://www.secniche.org

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH