Title |
---|
Abusing Browser Address Bar for Fun and Profit - An Empirical Investigation of Add-On Cross Site Scripting Attacks. |
Abstract |
---|
Add-on JavaScript originating from users' inputs to the browser brings new functionalities such as debugging and entertainment; however, it also leads to a new type of cross-site scripting attack (defined as add-on XSS by us), which consists of two parts: a snippet of JavaScript in clear text, and a spamming sentence enticing benign users to input the previous JavaScript. In this paper, we focus on the most common add-on XSS, the one caused by browser address bar JavaScript. To measure the severity, we conduct three experiments: (i) analysis on real-world traces from two large social networks, (ii) a user study by means of recruiting Amazon Mechanical Turks [4], and (iii) a Facebook experiment with a fake account. We believe that, as the first systematic and scientific study, our paper can ring a bell for all the browser vendors and shed a light for future researchers to find an appropriate solution for add-on XSS. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1007/978-3-319-23829-6_45 | Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering |
Keywords | Field | DocType |
---|---|---|
Browser address bar, Add-on cross-site scripting, User study | Address bar, World Wide Web, HTML scripting, Computer security, Computer science, Cross-site request forgery, Cross-site scripting, Client-side scripting, JavaScript, Server-side scripting, Scripting language | Conference |
Volume | ISSN | Citations |
---|---|---|
152 | 1867-8211 | 0 |
PageRank | References | Authors |
---|---|---|
0.34 | 19 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yinzhi Cao | 1 | 297 | 18.73 |
Chao Yang | 2 | 399 | 39.13 |
Vaibhav Rastogi | 3 | 118 | 7.97 |
Yan Chen | 4 | 3842 | 220.64 |
Guofei Gu | 5 | 3361 | 173.45 |