Blast from the Past: Cross Site Scripting on the AWS Console (embracethered.com)
2 points by wendythehacker on July 1, 2020 | 2 comments



XSS is surprisingly hard to prevent because user input must be escaped differently depending on context (HTML, CSS, JS, JSON).

User input also shows up in surprising locations such as DNS records and WHOIS info.

Luckily, an effective XSS attack, e.g. targeting the admin of a target website, often requires a large amount of effort and social engineering.


This is especially true for reflected attacks; besides doing targeted spear phishing via email or messenger apps, it won't be successful.

For persistent attacks, it's mostly just sit and wait for an attacker - they don't really control when/if a user visits the compromised page.
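
Added example, not part of the thread: the first comment's point that the same input needs a different encoder for each output context, sketched in JavaScript. The helper names and the sample string are constructed for illustration.

```javascript
// Constructed sample input: characters that are significant in several contexts.
const untrusted = `O'Reilly "</script>" & co`;

// HTML text or quoted-attribute context: encode the five significant characters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// JavaScript string literal inside an inline <script>: JSON.stringify handles
// quotes, backslashes and control characters; <, >, & and U+2028/U+2029 are
// additionally \u-escaped so the value cannot close the script element.
function escapeJsString(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// URL query value placed in an href attribute: percent-encode for the URL,
// then HTML-escape for the attribute (encodeURIComponent leaves ' untouched).
function escapeUrlParamInAttr(s) {
  return escapeHtml(encodeURIComponent(String(s)));
}

// CSS string context: hex-escape every non-alphanumeric code point.
function escapeCssString(s) {
  return String(s).replace(/[^a-zA-Z0-9]/gu,
    (c) => '\\' + c.codePointAt(0).toString(16) + ' ');
}

// The same input rendered for each context; every output is different.
function renderAll(value) {
  return {
    html: `<p>${escapeHtml(value)}</p>`,
    js: `<script>var name = ${escapeJsString(value)};</script>`,
    url: `<a href="/search?q=${escapeUrlParamInAttr(value)}">search</a>`,
    css: `<style>.tag::after { content: "${escapeCssString(value)}"; }</style>`,
  };
}

// An HTML encoder reused in a JS string leaves the backslash alone, so the
// closing quote of the surrounding literal ends up escaped: wrong context.
function htmlEncoderInJsLiteral(value) {
  return "'" + escapeHtml(value) + "'";
}

console.log(renderAll(untrusted));
```

`htmlEncoderInJsLiteral("a\\")` returns `'a\'`, an unterminated literal, which is why each context needs its own encoder rather than one shared routine.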



