APPLICATION PENETRATION TEST SUPER VEDA

More documents

Recommendations

Info

Application Penetration Test for Super Veda- Sample Report -APPENDIX G - CROSS-SITE SCRIPTINGCross-Site Scripting in the Search PageAn attacker can take advantage of numerous input fields in the applicationin order to mislead an innocent customer entering the site into giving awayinformation, or as a tunnel for the attacker for future purchases on hisbehalf. As a demonstration of this ability we will show an injectedjavascript alert tag resulting in a dialog box appearing with the word‘hacked’.In the search page search.asp the results of the search are returned as is,in the returned page. An attacker injecting the search string:alert(“hacked”)Would result in this dialog box appearing on his screen.ImpervaPage72 of73
Application Penetration Test for Super Veda- Sample Report -Cross-Site Scripting in the Comments PageIn the subject of a comment in the addcomment.asp page, an attacker caninject scripting.ImpervaPage73 of73
Page 1 and 2:
APPLICATION PENETRATION TESTSUPER V
Page 3 and 4:
REFERENCESREF DOCUMENT VERSION DATE
Page 5 and 6:
5.6 Script Injection into User’s
Page 7 and 8:
Application Penetration Test for Su
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22: Application Penetration Test for Su
Page 71: Application Penetration Test for Su
show all

APPLICATION PENETRATION TEST SUPER VEDA

Create successful ePaper yourself

Delete template?

Save as template?