Questions
Answers can be found at http://mdsec.net/wahh.
- What standard “signature” in an application's behavior can be used to identify most instances of XSS vulnerabilities?
- You discover a reflected XSS vulnerability within the unauthenticated area of an application's functionality. State two different ways in which the vulnerability could be used to compromise an authenticated session within the application.
- You discover that the contents of a cookie parameter are copied without any filters or sanitization into the application's response. Can this behavior be used to inject arbitrary JavaScript into the returned page? Can it be exploited to perform an XSS attack against another user?
- You discover stored XSS behavior within data that is only ever displayed back to yourself. Does this behavior have any security significance?
- You are attacking a web mail application that handles file attachments and displays these in-browser. What common vulnerability should...