[WEB SECURITY] Cross-Language Scripting

MustLive mustlive at websecurity.com.ua
Mon May 31 16:05:00 EDT 2010


Hello participants of Mailing List.

Recently I wrote to the list about Local XSS
(http://www.webappsec.org/lists/websecurity/archive/2010-05/msg00064.html) -
the type of Cross-Site Scripting vulnerabilities, which I found in 2006. And
on previous week I wrote about another new type of XSS founded by me (and
today I published it's English version). It’s Cross-Language Scripting
(http://websecurity.com.ua/4247/), which I created in December 2006.

Cross-Language Scripting - it’s Cross-Site Scripting vulnerabilities in
online interpreters. This class of XSS vulnerabilities I created at
23.12.2006, when found vulnerability in online interpreter CodeIDE, and
28.02.2007 I found such vulnerability in my Perl Pas Interpreter. These
vulnerabilities allow to conduct XSS attacks on web application interpreter,
so due to sending to interpreter a code on programming language which it
supports, to receive JavaScript or VBScript code at the output.

Table of contents:

1. Nuances of Cross-Language Scripting.
2. Examples of Cross-Language Scripting.
3. Perl Pas Interpreter.
4. CodeIDE.

You can read the article Cross-Language Scripting at my site:
http://websecurity.com.ua/4247/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list