Instant Messaging and Cross Site Scripting (XSS)

Seminar Paper, 2011, 29 Pages

Author: MSc. Katharina Kurek

Computer Science - IT-Security

Cross-Site Scripting is a widespread kind of attack. It has been reported and exploited since the 1990s and has become increasingly important in the era of Web 2.0. Roughly 80 percent of all security vulnerabilities are Cross-Site Scripting [Syman2007]. So far, however, Cross-Site Scripting has been regarded as a web application security hole, and everyone has focused on secure programming of web applications. Beyond web applications, there are many other means of data exchange, such as instant messaging. Instant messaging clients have been developed further and are now able to interpret HTML. This new potential for security holes is the emphasis of this work. The focus is on the question: Is it possible to execute JavaScript in file system context?

Excerpt


Table of Contents

  • Abstract
  • Introduction
  • Overview
    • Cross-Site Scripting (XSS)
      • Reflected XSS
      • Stored XSS
      • DOM injection
    • Instant Messaging and Cross-Site Scripting (XSS)
      • ICQ
      • Miranda IM
      • Pidgin
      • Climm
  • Testing
    • Preparations
      • Platform adaptations
      • Analysing activities
    • Message Box
      • XSS Cheat Sheet
      • HTML Tags
      • CSS Expressions
    • Files
      • Maliciously Formed Names
      • Malicious Content
  • Conclusion

Objectives and Key Themes

This term paper explores the potential security vulnerabilities of instant messaging clients by examining the possibility of executing JavaScript in their file system context. It aims to investigate whether Cross-Site Scripting (XSS), a well-known web application security threat, can be exploited in instant messaging environments.

  • Cross-Site Scripting (XSS) in instant messaging clients
  • JavaScript execution in file system context
  • Security vulnerabilities of popular instant messaging clients
  • Testing methods for XSS attacks in instant messaging
  • Potential risks and mitigation strategies

Chapter Summaries

  • Abstract: This chapter provides a brief overview of the paper, highlighting the importance of XSS attacks and the growing concern about their potential in instant messaging applications.
  • Introduction: This chapter sets the stage for the research, discussing the history and prevalence of XSS attacks, particularly in the context of web applications. It also introduces the concept of XSS vulnerabilities in instant messaging clients.
  • Overview: This chapter delves into the different types of XSS attacks, including reflected XSS, stored XSS, and DOM injection. It also focuses on the specific vulnerabilities of popular instant messaging clients like ICQ, Miranda IM, Pidgin, and Climm. This section discusses how these clients handle HTML content and the potential for exploitation.
  • Testing: This chapter outlines the testing methodologies employed in the research. It describes the preparations made for testing, including platform adaptations and activity analysis. It also delves into the various aspects of XSS testing, such as utilizing an XSS cheat sheet, exploiting HTML tags, and manipulating CSS expressions.

Keywords

This term paper focuses on the intersection of instant messaging and Cross-Site Scripting (XSS), exploring the potential for XSS attacks in the file system context of various instant messaging clients. The research examines security vulnerabilities, testing methods, and potential risks associated with these attacks. Key themes include JavaScript execution, HTML interpretation, and mitigation strategies for protecting users from XSS threats.

Details

Title: Instant Messaging and Cross Site Scripting (XSS)
College: Ruhr-University of Bochum (Netz und Datensicherheit)
Course: IT Sicherheit
Author: MSc. Katharina Kurek
Publication Year: 2011
Pages: 29
Catalog Number: V192840
ISBN (eBook): 9783656186878
ISBN (Book): 9783656187462
Language: English
Tags: XSS, icq
Product Safety: GRIN Publishing GmbH
Quote paper
MSc. Katharina Kurek (Author), 2011, Instant Messaging and Cross Site Scripting (XSS), Munich, GRIN Verlag, https://www.grin.com/document/192840