著者

西田 誠幸 原田 紀夫

出版者

拓殖大学

雑誌

拓殖大学理工学研究報告 (ISSN:09198253)

巻号頁・発行日

vol.9, no.1, pp.59-60, 2004-01-25

---

Cross Site Scripting (XSS) is one of vulnerabilities that is latent in dynamic contents on WWW. Attackers exploit XSS to get cookie information and alter Web pages illegally. One of the problems to eliminate XSS is that Web masters have to check the XSS existance in dynamic contents with great effort, or they have to prohibit the usage of dynamic contents. This paper describles an algorithm we have been designing in order to detect XSS vulnerabilities in PHP scripts that generate dynamic contents. Our algorithm belongs with the flow sensitive analysis in static program analysis, and it is based on the constant propagation analysis. The algorithm supports Web masters with checking the XSS existance in PHP scripts automatically.