http://sourceforge.net/projects/xssalert7/
Author: Arjun Jain (07104701), Department of Computer Science and Information Technology, Jaypee Institute of Information Technology, Sector-62, Noida, Uttar Pradesh
Agenda
Overview of XSS attack
Type of XSS attack
Example
Limitation of attack
DOM security overview
XSS alert working model
Demo
7 out of 10 sites have XSS (Jeremiah Grossman, White Hat website security statistics report, Oct 2007)
Reflected XSS
It covers all non-persistent XSS issues, which occur when a web application blindly echoes parts of the HTTP request in the corresponding HTTP response's HTML. Example:
<?php $name = $_GET['name']; echo "Hey " . $name; ?>
$name may contain JavaScript.
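An added example (not from the original slides) that puts the vulnerable echo next to an output-encoded version, and goes one step further by also encoding for a script context. The function names and sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern from the slide: the request value reaches the HTML unchanged.
function greet_unsafe(string $name): string
{
    return "Hey " . $name;
}

// Hardened form for HTML body and quoted-attribute contexts:
// &, <, >, " and ' are emitted as entities, so the browser treats them as text.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function greet_safe(string $name): string
{
    return "Hey " . html_escape($name);
}

// Values placed inside a <script> block need a different encoder: JSON with
// <, >, &, ' and " hex-escaped cannot close the script element or the string.
function js_literal(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample inputs (not from the slides); a real page would read $_GET['name'].
$samples = [
    'Alice',
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    '</script><script>alert(1)</script>',
];

foreach ($samples as $name) {
    echo "input : ", $name, PHP_EOL;
    echo "unsafe: ", greet_unsafe($name), PHP_EOL;
    echo "html  : ", greet_safe($name), PHP_EOL;
    echo "js    : var name = ", js_literal($name), ";", PHP_EOL, PHP_EOL;
}
```

Run from the command line, the "unsafe" lines show the markup passing through intact, while the "html" and "js" lines show the same input reduced to inert text for each context.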
Stored XSS
It refers to all XSS vulnerabilities where the adversary is able to permanently inject the malicious script into the vulnerable application's storage. The result is that every user who accesses the poisoned web page receives the injected script without further action by the adversary.
DOM-based XSS
It is a special variant of reflected XSS, where logic errors in legitimate JavaScript and careless usage of client-side data result in XSS conditions.
Example
Unvalidated input resulted in a Cross-Site Scripting attack and the theft of the administrator's cookies.
Usually only get one transaction with XSS code against vulnerable site
Most attacks are only focused on collecting cookies
POST based forms are seldom leveraged, almost always use GET methods
Attacker does not know actual responses to client
Some experts recommend using POST, hidden form inputs and other session state info to limit XSS risks.
Child windows and same site trust
Scripts can interact between the two windows
Script content can be loaded from anywhere (RPC/Remote scripting is common)
Images can be loaded from anywhere
Form GET/POST can be to another site or a javascript action
XSS allows DOM abuse, but still follows DOM rules
Demo
Final Result
Thank You!