Automated detection of cross site scripting vulnerabilities
Abstract
An automated method and system for testing a web site for vulnerability to a cross site scripting (XSS) attack are disclosed. The automated tool injects a tracer value into both GET and POST form data, and monitors the resultant HTML to determine whether the tracer value is returned to the local machine by the server to which it was sent. If the tracer value is returned, the automated tool attempts to exploit the web site by injecting a non-malicious script as part of an input value for some form data, based on the location in the returned HTML in which the returned tracer value was found. If the exploit is successful, as indicated by the non-malicious script, the automated tool logs the exploit to a log file that a user can review at a later time, e.g., to assist in debugging the web site.
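The tracer step the abstract describes, finding where a submitted tracer value comes back in the returned HTML, is sketched below as an added example (not code from the patent). The tracer string, the sample response and all names are constructed for illustration, and each location is mapped to the output encoding a developer would apply there.

```python
from html.parser import HTMLParser

TRACER = "xsstrace7f3a"  # constructed tracer value, unlikely to occur naturally
# Output encoding needed at each reflection location (defensive mapping).
ENCODING_NEEDED = {
    "comment": "do not reflect input into HTML comments",
    "html_text": "HTML entity encoding",
    "attribute": "HTML attribute encoding inside a quoted value",
    "script": "JavaScript string encoding, or keep input out of script blocks",
}

class TracerLocator(HTMLParser):
    """Records the HTML context of every place the tracer value appears."""
    def __init__(self, tracer):
        super().__init__(convert_charrefs=True)
        self.tracer, self.in_script, self.hits = tracer, False, []
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
        if any(value and self.tracer in value for _, value in attrs):
            self.hits.append("attribute")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.tracer in data:
            self.hits.append("script" if self.in_script else "html_text")
    def handle_comment(self, data):
        if self.tracer in data:
            self.hits.append("comment")

def locate_tracer(html, tracer=TRACER):
    """Return the contexts, in document order, where the tracer is reflected."""
    parser = TracerLocator(tracer)
    parser.feed(html)
    parser.close()
    return parser.hits

# Constructed sample response, standing in for the page a site returns.
SAMPLE_RESPONSE = """<html><body>
<!-- debug q=xsstrace7f3a -->
<p>Results for xsstrace7f3a</p>
<input type="text" name="q" value="xsstrace7f3a">
<script>var q = "xsstrace7f3a";</script>
</body></html>"""

if __name__ == "__main__":
    for context in locate_tracer(SAMPLE_RESPONSE):
        print(f"{context}: {ENCODING_NEEDED[context]}")
```

An empty result means the tracer was not returned, which in the claimed method ends the check for that key-value pair.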
54 Claims
1. A computer-performed method for automated detection of a cross site scripting vulnerability of a web site, comprising:
- determining key-value pairs corresponding to the web site;
- for each determined key-value pair, at least until a first vulnerability is detected, performing a sub-method comprising;
  - submitting the key-value pair to the web site, wherein the value of the key-value pair comprises a tracer value;
  - receiving a web page responsive to the submitted key-value pair;
  - determining a location of the tracer value, when present, in the received web page; and
  - when the tracer value is present in the received web page, submitting a second key-value pair to the web site, wherein the value of the second key-value pair comprises a script.

(Dependent claims: 2-18)

19. A computer-readable storage medium storing computer readable instructions that, when executed, cause a computer to perform a method for automated detection of a cross site scripting vulnerability of a web site, comprising:
- determining key-value pairs corresponding to the web site;
- for each determined key-value pair, at least until a first vulnerability is detected, performing a sub-method comprising;
  - submitting the key-value pair to the web site, wherein the value of the key-value pair comprises a tracer value;
  - receiving a web page responsive to the submitted key-value pair;
  - determining a location of the tracer value, when present, in the received web page; and
  - when the tracer value is present in the received web page, submitting a second key-value pair to the web site, wherein the value of the second key-value pair comprises a script.

(Dependent claims: 20-36)

37. A computer system comprising:
- a processor; and
- memory storing computer readable instructions that, when executed by the processor, cause the computer system to perform a method for automated detection of a cross site scripting vulnerability of a web site, comprising;
  - determining key-value pairs corresponding to the web site;
  - for each determined key-value pair, at least until a first vulnerability is detected, performing a sub-method comprising;
    - submitting the key-value pair to the web site, wherein the value of the key-value pair comprises a tracer value;
    - receiving a web page responsive to the submitted key-value pair;
    - determining a location of the tracer value, when present, in the received web page; and
    - when the tracer value is present in the received web page, submitting a second key-value pair to the web site, wherein the value of the second key-value pair comprises a script.

(Dependent claims: 38-54)

Specification