Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)

Mining Cross Site Scripting Vulnerabilities Based on HTML5 in Email Systems

Authors
Jian-zhong ZHANG, Ao CHAI
Corresponding Author
Jian-zhong ZHANG
Available Online December 2016.
DOI
10.2991/cnct-16.2017.106How to use a DOI?
Keywords
HTML5, XSS, Web Security
Abstract

Cross-site scripting attacks has always been one of the most common attacks to the front-end network applications. With the popularity of HTML5, the security of Email systems is facing new challenges. In this paper, we propose a new approach which utilizes HTML5 new tags and new attributes to construct storage-type XSS attack vectors. Based on this method, we have tested several domestic and foreign common mailbox and detected six HTML5-based XSS vulnerabilities. The final evaluation results show that our method can detect storage-type XSS vulnerabilities based on HTML5 effectively.

Copyright
© 2017, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)
Series
Advances in Computer Science Research
Publication Date
December 2016
ISBN
10.2991/cnct-16.2017.106
ISSN
2352-538X
DOI
10.2991/cnct-16.2017.106How to use a DOI?
Copyright
© 2017, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Jian-zhong ZHANG
AU  - Ao CHAI
PY  - 2016/12
DA  - 2016/12
TI  - Mining Cross Site Scripting Vulnerabilities Based on HTML5 in Email Systems
BT  - Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)
PB  - Atlantis Press
SP  - 765
EP  - 773
SN  - 2352-538X
UR  - https://doi.org/10.2991/cnct-16.2017.106
DO  - 10.2991/cnct-16.2017.106
ID  - ZHANG2016/12
ER  -