security - Can XSS be executed on server? -


hi xss attack treated attack client's machine. there way make xss attack on server ?

i want know there way execute code on server using client side interface in case of sql injection, here not database server simple web server or application server.

sometimes, it's possible use xss vector trigger , leverage cross-site request forgery (csrf) attacks.

having xss on website having control on javascript user execute when visiting it. if administrator stumbles upon xss code (either sending malicious link or means of stored xss), might him or execute requests or actions on webserver normal user wouldn't have access to. if know webpage layout enough, can request webpages on visitor's behalf (backends, user lists, etc.), , have results sent (exfiltrated) anywhere on internet.

you can use more advanced attack frameworks such beef attempt exploit vulnerabilities in visitor's browser. if visitor in question website administrator, might yield interesting information further attack webserver.

xss per se won't allow execute code on server, it's great vector leverage other vulnerabilities present on web application.


Comments

Post a Comment

Popular posts from this blog

linux - xterm copying to CLIPBOARD using copy-selection causes automatic updating of CLIPBOARD upon mouse selection -

i've tried various ways coerce xterm (versions 285 , 292) copy selection clipboard clipboard whenever press ctrl-shift-c. promising way far has been, in ~/.xresources, put this: xterm*vt100.translations: #override \ ctrl shift <keypress> c: copy-selection(clipboard) \n\ ctrl shift <keypress> v: insert-selection(clipboard) ctrl-shift-v works perfectly, copying has nuance... if restart xterm, highlighting text puts things in primary clipboard; expected, proper, default behavior. if hit ctrl-shift-c, copies current selection clipboard clipboard. the bug, however, if highlight text after first time pressed ctrl-shift-c, you'll see highlighting copies both primary and clipboard. cannot figure out how stop xterm updating clipboard upon selection... , doesn't make sense me in first place. i said, @ specific point in time, copy selection clipboard... yet starts updating automatically upon selection after doing once... anyone have workaround...
Read more

c++ - qgraphicsview horizontal scrolling always has a vertical delta -

Image
i've subclassed qgraphicsview custom canvas used in cad application. i've reimplemented qgraphicsview::wheelevent check keyboard modifiers control key and, if control key pressed, zoom. i'm trying implement horizontal scroll when user holds shift , uses wheel. the problem i'm having horizontal scrolling always scrolls 0.279. not huge problem, hugely annoying , points else being wrong. so, here questions: is right way implement horizontal scrolling? if not, is? how eliminate delta of 0.279? thanks in advance. code , sample output below void myview::zoom(int delta) { double factor = pow(1.2, delta/abs(delta)); this->scale(factor, factor); } void myview::scrollhorizontal(int level) { qpointf center = maptoscene(viewport()->rect().center()); qdebug() << "center: " << center.x() << ", " << center.y(); centeron(qpointf(center.x() - level, center.y())); } void myview::wheelevent(qwheeleve...
Read more