Cross Channel Scripting Attacks (XCS) in Web Applications

Abstract

XCS is one of the most common Web application vulnerabilities, which is also known as Cross Channel Scripting. It is a variant of Cross-Site Scripting (XSS); in this attack, inoculation of a malicious vector is achieved via networking protocols and embedded devices that have Web interfaces like cameras, photo frames, routers, etc. These devices permit the Web administrator to perform various activities from the browser to the server. XCS attacks are performed by injecting the malicious content into the embedded devices having the Web interface and this malicious code is exploited in the client browser. Further, the malicious content can be injected into the device through network protocols like File Transfer Protocol and Network File System. In this article, the analysis of scripting defending approaches at the client-side and server-side have been discussed and exploited using penetration testing tools. In the literature, XCS vulnerability detection and mitigation are major extents covered by most of the studies. We have also conferred various state-of-the-art XCS techniques with their strengths, weaknesses, and identified the research gaps.KeywordsXCS attackCross channel scriptingJavaScript code injectionNetwork protocolsSanitization