XSS in Ajax

The following functions needs to be inspected for XSS as they might be 'possible' pointers to XSS. They could be a pointer to possible xss attacks:
eval()
document.write()
innerHTML()
write()

Safe function:
Instead of using innerHTML, one should use innerText()
 
XSS payload in Jason and their effects:
A nice example from iSec Partners:
var inboundJSON = {"people": [
{"name": "Joel", "address": “<script>badStuff();</script>", "phone": “911"}
]
};
someObject.innerHTML(inboundJSON.people[0].address);               // Vulnerable
document.write(inboundJSON.people[0].address);                             // Vulnerable
someObject.innerText(inboundJSON.people[0].address                     // Not Vulnerable

Comments

Anonymous said…
the innerText()function is not entirely fault free, when u process the following inbound json:
var inboundJSON = {"people": [
{"name": "Joel", "address": “badStuff();", "phone": “911"}
]
};

someObject.innerHTML(inboundJSON.people[0].address);

when "someobject" or the target element is script the above statement becomes vulnerable. Because innerText will execute anything that goes inside the script tag.

Popular posts from this blog

SQL Injection in search field

Nipper Download