|
Cross-Site-Scripting with Morse code |
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in your address bar.
The website in question takes user input as Morse code and translates it into plain text using PHP script. Unfortunately, the programmers forgot to check the script's input and output, allowing JavaScript to be included and executed on the website that displays the results of the translated Morse code.
Read more at: . |