
Web Attacks: An Online shoe business has their website set up so that logged-in

Question

Web Attacks:

An online shoe business has their website set up so that logged-in users have an HTTP cookie. One such user, Alice, buys a pair of shoes and notices that, after confirming that she wants to buy the shoes, the site takes her to a page with the URL http://www.shoeplace.com/buy.php?shoeID=123456

In other words, the shoe website is using a GET request to place the final order. Suppose while logged into the shoe site, Alice visits evil.com in another browser tab.

Give malicious HTML, with a brief explanation, that an adversary in control of this evil site can send to Alice's browser to cause problems for her on the shoe site.

Explanation / Answer

When Alice buys a pair of shoes, she notices that after confirming that she wants to buy the shoes the site takes her to a page with the URL http://www.shoeplace.com/buy.php?shoeID=123456, i.e. the shoe website is using a GET request to place the final order. But when, in between, Alice visits evil.com in another browser tab, the website evil.com can send arbitrary HTML code. It is a type of injection issue that occurs when a user is able to control an input point.

A particular type of attack, commonly referred to as “code insertion or injection” and often “Cross-Site Scripting”, has become very popular. Unfortunately, the number of applications vulnerable to these attacks is increasing rapidly, and the variety of ways attackers are finding to exploit them successfully is on the increase. Analysis of a lot of sites has indicated that not only are the majority of sites vulnerable, but they are vulnerable to many different types of methods and much of their content is vigorously affected. An embedded code attack is heavily dependent on the delivery function. Thus the delivery method often interprets the audience the script will drop heavily.
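
Added example (not part of the original question or answer): a framework-neutral Python model of the `buy.php` endpoint from the question, showing that a cookie-authenticated GET order succeeds for any request Alice's browser sends, including one triggered from another tab (cross-site request forgery), and how a POST-only handler with an Origin check and a session-bound anti-forgery token rejects it. The secret, session store, function names and token scheme are assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"   # assumption: random per-deployment key
SESSIONS = {"sess-alice": "alice"}            # constructed session store
SITE_ORIGIN = "http://www.shoeplace.com"

def csrf_token(session_id: str) -> str:
    """Token bound to the session; the site embeds it in its own order form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def buy_vulnerable(method, cookies, params, headers):
    """Behaviour described in the question: the cookie alone authorises a GET order."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 401, "login required"
    return 200, f"order placed for {user}: shoe {params.get('shoeID')}"

def buy_hardened(method, cookies, params, headers):
    """State change only via POST, from the site's own origin, with a valid token."""
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "login required"
    if method != "POST":
        return 405, "orders must be placed with POST"
    if headers.get("Origin") != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    supplied = params.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session_id).encode()):
        return 403, "missing or invalid anti-forgery token"
    return 200, f"order placed for {user}: shoe {params.get('shoeID')}"

# Constructed requests. The browser attaches Alice's cookie to every request
# for the shoe site, including ones triggered by a page open in another tab.
ALICE_COOKIES = {"session": "sess-alice"}
CROSS_SITE_GET = ("GET", ALICE_COOKIES, {"shoeID": "123456"}, {})
CROSS_SITE_POST = ("POST", ALICE_COOKIES, {"shoeID": "123456"},
                   {"Origin": "http://evil.com"})
LEGIT_POST = ("POST", ALICE_COOKIES,
              {"shoeID": "123456", "csrf_token": csrf_token("sess-alice")},
              {"Origin": SITE_ORIGIN})

if __name__ == "__main__":
    for name, req in [("cross-site GET", CROSS_SITE_GET),
                      ("cross-site POST", CROSS_SITE_POST),
                      ("legitimate POST", LEGIT_POST)]:
        print(name, buy_vulnerable(*req)[0], buy_hardened(*req)[0])
```

Setting the session cookie with `SameSite=Lax` or `SameSite=Strict` adds a browser-side layer on top of these server-side checks. With `Lax`, cookies are still sent on top-level GET navigations, so orders placed via GET remain exposed.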
