
Week 8: Shells and XSS

This week we are going to continue looking at Web Vulnerabilities.

Cross Site Scripting

The next topic we will look at is Cross Site Scripting. This is another topic high in the OWASP Top 10, and is still very relevant today.

It is my belief that regardless of filtering systems or input sanitisation methods, XSS is going to be around for a long time. So much of the web relies on people being able to send / receive messages that displaying user input will never go away (and thus the potential mistakes in sanitising it remain).

Remote Shells

We are also going to take a look at remote shells. Often the aim of an attacker is to try and gain some form of shell access to the remote server. This means that they are able to run commands on the machine, and potentially strengthen the exploit.

On Shells

We won't really be using shells this week (although I have some demos for you to play with). However, next week, when we get onto deserialisation, file uploads and include-style attacks, we will use them. As there is a lot to get through next time, introducing shells this week breaks the workload up.

Lab

  • XSS Intro
  • XSS Dealing with sanitisation
  • XSS Session Jacking