Extended HTML Form Attack

Summary of the attack

A new Cross Site Scripting attack which effects (at least) major browsers Internet Explorer and Opera. This one makes use of forms targeted at non-HTTP services. This paper covers the following points:

- A short description of the original HTML Form Attack paper
- An introduction to Cross site scripting
- Displaying HTML content from non-HTML supporting services (echo, smtp etc)
- How attackers can exploit this issue - finding vulnerable servers
- Solutions to the problem described.

Download Paper:

http://eyeonsecurity.org/papers/extendedform.pdf