Matches in DBpedia 2015-10 for { <http://dbpedia.org/resource/Reflected_DOM_Injection> ?p ?o }
Showing triples 1 to 33 of 33 with 100 triples per page.
- Reflected_DOM_Injection abstract "Reflected DOM Injection (RDI) is an evasive XSS technique which uses a third party website to construct and execute an attack. This technique can be implemented on websites that use a user-provided URL as part of their service (e.g. translation services, caching services, etc.). In order to implement this technique: Take a piece of code that you would like to hide using RDI (“Code X”). Find a service that receives user input as described above (“Service Y”). Choose a feature that is unique to this service (e.g. a DOM element added by this service) and use it to create a pseudo-unique “key”. Encrypt Code X using the key and host it on your website, add code that will attempt to re-create the key and decrypt the content in runtime. Browse to your website using Service Y. The decryption code will execute and re-generate the key, decrypt your hidden code, and execute it. By using this technique the exploit is triggered only if the user followed the expected flow and accessed our website using the third party service. The same code, however, would not execute by browsing directly to the attacker’s website. Figure 1 describes a direct access to a website that uses the RDI technique to exploit the user’s browser. When the website is accessed directly, the exploit remains encrypted and the content sent to the client machine remains benign. Figure 2 describes the attack scenario, where the user accesses the website which uses the RDI technique using the third party Service Y. The service creates a new connection to the attacker’s website, receives the content, manipulates it in order to provide the service, and delivers the new modified content to the user. This manipulation done by Service Y turns the attacker’s page into a malicious one by helping generate the key required to decrypt the malicious code. The RDI technique actually uses the third party service to create the malicious content. The RDI technique provides the following benefits: The URL to the exploit is hosted on known and legit service. The content hosted on the attacker’s website is essentially legit when accessed directly. The malicious content can only be revealed by following the full flow of the attack. The RDI technique was first presented at DEFCON 21 by Daniel Chechik and Anat Davidi. A full scenario of the technique is described in a paper published following the conference on the Trustwave SpiderLabs blog.".
- Reflected_DOM_Injection thumbnail RDI_phase_1.PNG?width=300.
- Reflected_DOM_Injection wikiPageID "40800594".
- Reflected_DOM_Injection wikiPageLength "3181".
- Reflected_DOM_Injection wikiPageOutDegree "11".
- Reflected_DOM_Injection wikiPageRevisionID "577397737".
- Reflected_DOM_Injection wikiPageWikiLink Attack_(computing).
- Reflected_DOM_Injection wikiPageWikiLink Category:Computer_security_exploits.
- Reflected_DOM_Injection wikiPageWikiLink Category:Injection_exploits.
- Reflected_DOM_Injection wikiPageWikiLink Category:Web_security_exploits.
- Reflected_DOM_Injection wikiPageWikiLink Cross-site_scripting.
- Reflected_DOM_Injection wikiPageWikiLink Document_Object_Model.
- Reflected_DOM_Injection wikiPageWikiLink Encryption.
- Reflected_DOM_Injection wikiPageWikiLink Exploit_(computer_security).
- Reflected_DOM_Injection wikiPageWikiLink Web_browser.
- Reflected_DOM_Injection wikiPageWikiLink File:RDI_phase_1.PNG.
- Reflected_DOM_Injection wikiPageWikiLink File:RDI_phase_2.PNG.
- Reflected_DOM_Injection wikiPageWikiLinkText "Reflected DOM Injection".
- Reflected_DOM_Injection hasPhotoCollection Reflected_DOM_Injection.
- Reflected_DOM_Injection wikiPageUsesTemplate Template:Reflist.
- Reflected_DOM_Injection subject Category:Computer_security_exploits.
- Reflected_DOM_Injection subject Category:Injection_exploits.
- Reflected_DOM_Injection subject Category:Web_security_exploits.
- Reflected_DOM_Injection hypernym Technique.
- Reflected_DOM_Injection type Software.
- Reflected_DOM_Injection comment "Reflected DOM Injection (RDI) is an evasive XSS technique which uses a third party website to construct and execute an attack. This technique can be implemented on websites that use a user-provided URL as part of their service (e.g.".
- Reflected_DOM_Injection label "Reflected DOM Injection".
- Reflected_DOM_Injection sameAs m.0y7wpv_.
- Reflected_DOM_Injection sameAs Q17077879.
- Reflected_DOM_Injection wasDerivedFrom Reflected_DOM_Injection?oldid=577397737.
- Reflected_DOM_Injection depiction RDI_phase_1.PNG.
- Reflected_DOM_Injection isPrimaryTopicOf Reflected_DOM_Injection.