SitePoint Sponsor

User Tag List

Results 1 to 2 of 2

Thread: Uxss?

  1. #1
    PEACE WILL WIN abalfazl's Avatar
    Join Date
    Feb 2005
    Location
    Beyond the seas there is a town
    Posts
    711
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Uxss?

    What is UXSS? What is difference between XSS and UXSS?

    Example :

    UXSS in #FDF, #XML e #XFDF

    In addition by using the following request, is possible to execute javascript code
    inside Firefox browser:

    http://site.com/file.pdf#FDF=javascript:alert('Test Alert')

    The previous could be triggered against a site and because of this is a Universal Cross Site
    Scripting.
    UXSS is a particular type of Cross Site Scripting and has the ability to be triggered
    by exploiting flaws inside browsers, instead of leveraging the vulnerabilities against
    insecure web sites. It's also possible to force clients to download files by supplying:

    http://site.com/file.pdf#FDF=javascr...ment.location= 'file://C:/winnt/notepad.exe'
    Does it make download? or run a program?
    http://site.com/file.pdf#FDF=javascript:document.location=[/url] 'file://C:/winnt/notepad.exe
    I shall build a boat,I shall cast it in the water,
    I shall sail away from this strange earth,
    Where no one awaken the heroes in the wood of love

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    It say so right in your quote...
    UXSS is a particular type of Cross Site Scripting and has the ability to be triggered by exploiting flaws inside browsers, instead of leveraging the vulnerabilities against insecure web sites.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •