The increasing popularity of the World Wide Web has led more and more individuals and companies to identify the need to acquire a Web presence. The most common way of acquiring such a presence is through Web hosting companies, and the most popular hosting solution is shared Web hosting. In this paper we investigate the workings of shared Web hosting and point out the potential lack of session isolation between domains hosted on the same physical server. We present two novel server-side attacks against session storage which target the logic of a Web application instead of specific logged-in users. Due to the lack of isolation, an attacker with a domain under his control can force arbitrary sessions to co-located Web applications as ...
Abstract — As social websites get more and more users across internet, Cross Site Scripting is becom...
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express ...
Session management is a particularly delicate component of web applications, which might suffer from...
The increasing popularity of the World Wide Web has made more and more individuals and companies to...
Abstract. The class of Cross-site Scripting (XSS) vulnerabilities is the most prevalent security pro...
As the web keeps on expanding, so does the interest of attackers who seek to exploit users and servic...
Abstract. With the growing trend towards the use of web applications the danger posed by cross site ...
The class of Cross-site Scripting (XSS) vulnerabilities is the most prevalent security problem in th...
Mass virtual hosting is a widespread solution to the market need for a platform allowing the inexpen...
Abstract—Shared hosting is a kind of web hosting in which multiple websites reside on one webserver....
Related-domain attackers control a sibling domain of their target web application, e.g., as the resu...
Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is ...
Many Web applications have a file-sharing feature that allows Web users to share files by uploading ...
In this article, we survey the most common attacks against web sessions, that is, attacks that targe...
This paper first investigates and analyzes security holes concerning the use of Server-Side Includes...