APPLICATION PENETRATION TEST SUPER VEDA
Application Penetration Test for Super Veda - Sample Report

APPENDIX G - CROSS-SITE SCRIPTING

Cross-Site Scripting in the Search Page

An attacker can take advantage of numerous input fields in the application in order to mislead an innocent customer entering the site into giving away information, or as a tunnel for the attacker for future purchases on his behalf. As a demonstration of this ability we will show an injected JavaScript alert tag resulting in a dialog box appearing with the word ‘hacked’.

In the search page search.asp, the results of the search are returned as is in the returned page. An attacker injecting the search string:

alert(“hacked”)

would result in this dialog box appearing on his screen.

Imperva, Page 72 of 73
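The finding above comes down to the search string being written back into the page without output encoding. The following is an added example, not code from the report or from the Super Veda application: it models the search page in Python with two hypothetical renderers (one echoing the input as is, one HTML-encoding it) and a small audit helper that a tester or developer can use as a regression check. All function names and the probe strings are constructed for illustration.

```python
import html

# Constructed test input: a script element wrapping the alert call from the report.
PROBE = '<script>alert("hacked")</script>'
# Constructed second probe: harmless markup that breaks out of an attribute value.
ATTR_PROBE = '"><b>x</b>'


def render_results_unsafe(query, results):
    """Mirrors the reported behaviour: the search string is echoed as is."""
    items = "".join(f"<li>{r}</li>" for r in results)
    return f"<h1>Results for {query}</h1><ul>{items}</ul>"


def render_results_encoded(query, results):
    """Same page, with every dynamic value HTML-encoded on output."""
    q = html.escape(query, quote=True)
    items = "".join(f"<li>{html.escape(r, quote=True)}</li>" for r in results)
    return f"<h1>Results for {q}</h1><ul>{items}</ul>"


def reflects_unencoded(page, probe):
    """True if a probe containing markup characters appears verbatim in the page."""
    has_markup = any(c in probe for c in "<>\"'&")
    return has_markup and probe in page


def audit(render, probes=(PROBE, ATTR_PROBE, "plain text")):
    """Return the probes that a renderer reflects without encoding."""
    return [p for p in probes if reflects_unencoded(render(p, []), p)]


if __name__ == "__main__":
    print("unsafe renderer reflects:", audit(render_results_unsafe))
    print("encoded renderer reflects:", audit(render_results_encoded))
```

In classic ASP, the platform search.asp runs on, the corresponding output encoder is Server.HTMLEncode, applied to each value at the point it is written into the response.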