Web Security Locations for XSS Attacks
Transcript from the "Locations for XSS Attacks" Lesson
>> Mike North: So let's talk about places to look for cross-site scripting vulnerabilities, cuz it's overwhelming to think that this could happen across your entire app. Anywhere you have a WYSIWYG, which is a really long abbreviation for "what you see is what you get." So this is the ability to add rich text as content to a particular area where you can say, you can drop an image tag here, right.
[00:00:25] Anywhere you have that, it is a potential place where you can start experimenting and seeing if you can slip in any of a number of three or four dozen cross-site scripting attack techniques. Embedded content, so if you can drop an iframe somewhere or if you can put an object, right, like a Flash embed, those are cross-site vulnerabilities.
[00:01:36] That is a potential place you could have a reflected cross-site scripting vulnerability. Anywhere query parameters are rendered into the DOM, that's a typical vector for a DOM-based cross-site scripting attack. And then innerHTML, that's element.innerHTML, that can be arbitrary HTML, and that's where you could just add a script tag, and that is an exceptionally easy one to exploit.