Scriptless attacks: stealing the pie without touching the sill

  title={Scriptless attacks: stealing the pie without touching the sill},
  author={Mario Heiderich and Marcus Niemietz and Felix Schuster and Thorsten Holz and J{\"o}rg Schwenk},
  booktitle={ACM Conference on Computer and Communications Security},
Due to their high practical impact, Cross-Site Scripting (XSS) attacks have attracted a lot of attention from the security community members. In the same way, a plethora of more or less effective defense techniques have been proposed, addressing the causes and effects of XSS vulnerabilities. NoScript, and disabling scripting code in non-browser applications such as e-mail clients or instant messengers. As a result, an adversary often can no longer inject or even execute arbitrary scripting… CONTINUE READING
Highly Cited
This paper has 59 citations. REVIEW CITATIONS


Publications citing this paper.
Showing 1-10 of 41 extracted citations

All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API

2014 IEEE Symposium on Security and Privacy • 2014
View 16 Excerpts
Highly Influenced

ShadowCrypt: Encrypted Web Applications for Everyone

ACM Conference on Computer and Communications Security • 2014
View 4 Excerpts
Highly Influenced

Is MathML dangerous?

Sicherheit • 2018
View 2 Excerpts

60 Citations

Citations per Year
Semantic Scholar estimates that this publication has 60 citations based on the available data.

See our FAQ for additional information.


Publications referenced by this paper.
Showing 1-6 of 6 references

NoScript :: Firefox add-ons

G. Maone
https: //, July • 2010
View 13 Excerpts
Highly Influenced

XSSDS: Server-Side Detection of Cross-Site Scripting Attacks

2008 Annual Computer Security Applications Conference (ACSAC) • 2008
View 3 Excerpts
Highly Influenced

Similar Papers

Loading similar papers…