Script injection attacks in rich internet application

As modern web applications began to reflect user input to generate dynamic content, Cross-Site Scripting (XSS) attacks gained popularity. An XSS vulnerability is caused by improper validation of user input, which allows the injection of malicious client-side script. In response to this popularity, a lot of research has been done to mitigate XSS vulnerabilities. Unfortunately, XSS issues in rich internet applications have not been studied as much as those in regular web applications. In this thesis, we show XSS attacks against Adobe Flash applications, one of the most popular kinds of rich internet application. To emphasize the risk of XSS in rich internet applications, we implemented an automated XSS vulnerability analysis system that discovers vulnerable Flash applications being served on the Web. Our system discovered vulnerable Flash applications on domestic portal sites. We also tried uploading script-injected Flash applications to both domestic and foreign blog hosting sites to test the XSS attacks, and those sites were also vulnerable. An XSS attack can be extended to a variety of attacks, such as session hijacking, URL redirection, malware installation, key logging and so on. By exploiting vulnerable Flash applications found on portal sites in Korea, this thesis demonstrated that it is possible to access other users' private information with a hijacked session. We notified the administrator of the portal site so that the security flaw could be fixed. To prevent this XSS attack, any external input to a Flash application must be validated upon its arrival. Especially in environments where users can easily customize page content, such as blog hosting sites, a Flash application must be considered a potential security threat. The execution of external script must be controlled by proper sanitization of the input values, as it may affect a large number of visitors.
Advisors
Lim, Chaeho (임채호); Kim, Myungchul (김명철)
Description
Korea Advanced Institute of Science and Technology (KAIST) : Graduate School of Information Security
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2013
Identifier
325007
Language
eng
Description

Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST) : Graduate School of Information Security, 2013.8, [iv, 23 p.]

Keywords

Script Injection Attack; Cross-site Scripting; XSS; Rich Internet Application; Flash

URI
http://hdl.handle.net/10203/221952
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=657359&flag=dissertation
Appears in Collection
IS-Theses_Master (Master's Theses)
Files in This Item
There are no files associated with this item.
