XCS cross channel scripting and its impact on web applications

Hristo Bojinov; Elie Bursztein; Dan Boneh

embedded devices

XCS cross channel scripting and its impact on web applications

By Hristo Bojinov, Elie Bursztein, Dan Boneh @CCS 2009

0 reaction(s) | 1102 downloads

We reveal a series of attacks against embedded devices based on a new type of vulnerability that we call cross channel scripting (XCS). XCS is a sophisticated form of cross site scripting (XSS) in which the attack injection and execution are carried out via different protocols.

Downloads

paper

slides

You might also like reading

Embedded devices 2010

The emergence of cross channel scripting

Clickjacking 2010

Busting Frame Busting a Study of Clickjacking Vulnerabilities on Popular Sites

Study 2010

State of the Art Automated Black-Box Web Application Vulnerability Testing

Embedded devices 2011

Towards Secure Embedded Web Interfaces

Embedded devices 2009

Embedded Management Interfaces Emerging Massive Insecurity

Comments

About me

Researcher at Google, specializing in Internet security and privacy.

Latest blog posts

Blog posts loading requires that you enable javascript.

@INPROCEEDINGS {
title	= {XCS cross channel scripting and its impact on web applications}
author	= {Hristo Bojinov and Elie Bursztein and Dan Boneh}
booktitle	= { Computer and Communications Security (CCS)}
year	= {2009}
month	= {November}
url	= {\url{http://elie.im/publication/xcs-cross-channel-scripting-and-its-impact-on-web-applications}}
}