Protecting a Web Application Against Attacks Through HTML Shared Files |
|
| BugsAlert Home > Protecting a Web Application Against Attacks Through HTML Shared Files | |
|
LinuxSecurity.com: "Many Web applications have a file-sharing feature that allows Web users to share files by uploading them to, and downloading them from, a Web-accessible file repository. Shared files may include HTML files and other files containing scripts that are executed by the browser in the security context of the user that downloads the file. This opens the door to a range of crossuser attacks, including attacks by former users and even attacks by a user of a virtual application instance against a different virtual instance of the same application. Such attacks are in essence XSS attacks, but the usual defenses against XSS are typically not available, because shared files cannot be sanitized." The title of this article caught my eye. This article looks at ways to protect your Web applications against attacks through HTML shared files. Read on for more information.... Original Source: http://www.linuxsecurity.com/content/view/144086?rdf Learn more about Protecting a Web Application Against Attacks Through HTML Shared Files |
|
|
Tags: protecting web application attacks html shared files |
|
Related Items |
|
|
Mandriva: Subject: [Security Announce] [ MDVA-2008:197 ] mandriva-kde-config
|
|
|
FrSIRT - F-Secure Products CAB and RAR Archives Security Bypass Vulnerability
|
|
|
Mini-CMS 1.0.1 (index.php) Multiple Local File Inclusion Vulnerabilities
|
|
|
Daniel Glazman: Shiretoko and twitter.com
|
|
|
Linux Kernel LDT Buffer Size Handling Vulnerability
|
|
|
Brief: Apple wraps up 21 flaws for holidays
|
|
|
CVE-2007-6325 (Fastpublish CMS)
|
|
