TABLE OF CONTENTS Security researchers have spent a significant amount of time over the last few years, finding and exposing a wide range of flaws in software and Web sites that could be used to perform a cross-site scripting (XSS) attack. The primary focus of these attacks was Web applications that failed to filter the user-supplied data. However, there are several other ways that an attacker can successfully inject JavaScript into a user's browser. In this chapter, we look at several of these advanced attack vectors in some detail, so that you can get an idea of how illusive and widespread this problem is.
When a user requests a Web page in a browser, several systems have to work together to locate, access, and retrieve that data. One of these components is the Domain Name System (DNS), which converts the Uniform Resource Locator (URL) entered into the browser into the numerical address of the server that hosts the Web site. For example, when your browser is commanded to view www.example.com, the user's system will connect to a DNS server to perform a lookup on that domain, which would then provide the IP address of 111.111.111.111. The browser will then create a query that contains the domain, a specific Web page, and other variables and send it to the specified Internet Protocol (IP) address. After connecting to 111.111.111.111, the browser will send the following:
GET / HTTP/I.0 Host : www.example.com ...
