312-50V13 · Question #620
As part of a penetration testing team, you've discovered a web application vulnerable to Cross- Site Scripting (XSS). The application sanitizes inputs against standard XSS payloads but fails to filter
The correct answer is D. Create a sophisticated XSS payload that leverages HTML encoding to bypass the input. To exploit an XSS vulnerability in an application that sanitizes standard payloads but not HTML-encoded characters and uses HTTPOnly cookies, the most viable strategy is to craft an HTML-encoded XSS payload to bypass the input filter.
Question
Options
- ABuild an XSS payload using HTML encoding and use it to exploit the server-side code, potentially
- BDevelop a browser exploit to bypass the HTTPOnly restriction, then use a HTML-encoded XSS
- CUtilize an HTML-encoded XSS payload to trigger a buffer overflow attack, forcing the server to
- DCreate a sophisticated XSS payload that leverages HTML encoding to bypass the input
How the community answered
(41 responses)- A12% (5)
- B5% (2)
- C2% (1)
- D80% (33)
Why each option
To exploit an XSS vulnerability in an application that sanitizes standard payloads but not HTML-encoded characters and uses HTTPOnly cookies, the most viable strategy is to craft an HTML-encoded XSS payload to bypass the input filter.
Building an XSS payload to exploit server-side code is a different type of vulnerability (e.g., server-side injection) and not directly related to exploiting a client-side XSS vulnerability where HTML encoding bypasses input filtering.
Developing a browser exploit to bypass HTTPOnly is significantly more complex, specific to browser versions, and beyond the scope of a typical XSS vulnerability exploitation against an application; it's an exploit against the browser itself.
Utilizing an HTML-encoded XSS payload to trigger a buffer overflow attack is mixing attack types; XSS is a client-side code injection, and a buffer overflow is typically a server-side memory corruption vulnerability.
Since the application fails to filter HTML-encoded characters, an attacker can create an XSS payload using HTML encoding (e.g., `<script>`) to bypass the input sanitization filter. Although HTTPOnly cookies prevent client-side scripts from directly accessing the `document.cookie` property, successfully executing an XSS payload via this encoding bypass is the critical first step that enables an attacker to then potentially launch further attacks, such as tricking the browser into sending cookies indirectly or performing actions on the user's behalf.
Concept tested: XSS payload encoding bypass, HTTPOnly limitations
Source: https://learn.microsoft.com/en-us/previous-versions/aspnet/ms972965(v=msdn.10)
Topics
Community Discussion
No community discussion yet for this question.