http://www.spidynamics.com/whitepapers/SPIcross sitescripting.pdf

 Cross site Scripting Explained , By Amit Klein   Sanctum

http://www.sanctuminc.com/pdf/WhitePaper_CSS_Explained.pdf

 HTML Code Injection and Cross site Scripting , By Gunter Ollmann

http://www.technicalinfo.net/papers/CSS.html

4   C o m m a n d   E x e c u t i o n

The Command Execution section covers attacks designed to execute

remote commands on the web site. All web sites utilize user supplied

input to fulfill requests. Often these user supplied data are used to

create construct commands resulting in dynamic web page content. If

this process is done insecurely, an attacker could alter command

execution.

4.1  Buffer Overflow

Buffer Overflow exploits are attacks that alter the flow of an

application by overwriting parts of memory. Buffer Overflow is a

common software flaw that results in an error condition. This error

condition occurs when data written to memory exceed the allocated

size of the buffer. As the buffer is overflowed, adjacent memory

addresses are overwritten causing the software to fault or crash.

When unrestricted, properly crafted input can be used to overflow the

buffer resulting in a number of security issues.

A Buffer Overflow can be used as a Denial of Service attack when

memory is corrupted, resulting in software failure. Even more critical

is the ability of a Buffer Overflow attack to alter application flow and

force unintended actions. This scenario can occur in several ways.

Buffer Overflow vulnerabilities have been used to overwrite stack

pointers and redirect the program to execute malicious instructions.

Buffer Overflows have also been used to change program variables.

27

Copyright 2004, Web Application Security Consortium. All rights reserved.