Mining Cross Site Scripting Vulnerabilities Based on HTML5 in Email Systems
Authors
Jian-zhong ZHANG, Ao CHAI
Corresponding Author
Jian-zhong ZHANG
Available Online December 2016.
- DOI
- 10.2991/cnct-16.2017.106How to use a DOI?
- Keywords
- HTML5, XSS, Web Security
- Abstract
Cross-site scripting attacks has always been one of the most common attacks to the front-end network applications. With the popularity of HTML5, the security of Email systems is facing new challenges. In this paper, we propose a new approach which utilizes HTML5 new tags and new attributes to construct storage-type XSS attack vectors. Based on this method, we have tested several domestic and foreign common mailbox and detected six HTML5-based XSS vulnerabilities. The final evaluation results show that our method can detect storage-type XSS vulnerabilities based on HTML5 effectively.
- Copyright
- © 2017, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Jian-zhong ZHANG AU - Ao CHAI PY - 2016/12 DA - 2016/12 TI - Mining Cross Site Scripting Vulnerabilities Based on HTML5 in Email Systems BT - Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016) PB - Atlantis Press SP - 765 EP - 773 SN - 2352-538X UR - https://doi.org/10.2991/cnct-16.2017.106 DO - 10.2991/cnct-16.2017.106 ID - ZHANG2016/12 ER -