Tuesday, July 2, 2013

XSS - slaying information from simple actions like... a MOUSE HOVER :)

XSS, well :) what do we know about it?

Cross Site Scripting, as it's called :), is a form of web vulnerability that relies solely on scripts and client-side technologies, e.g. JavaScript, HTML5, etc.

Some examples of exploitation include:
  • injecting a fake login form;
  • retrieving legitimate users' cookies;
  • injecting browser's exploits;
  • getting users to perform an arbitrary action in the web application;
...
and tonnes more....

A simple XSS payload would look like <script>alert(1);</script> when injected into an HTML form... in a URL it may look like this:
http://urvulnerablewebsite-app.domain/xss/example.php?name=<script>alert(1);</script>

So what really happens? ....XSS comes from a lack of encoding when information gets sent back to the application's users. Unlike most other attacks, it targets the client rather than the server.

How dangerous is this? Well... here is a simple illustration.
XSS in URL-encoded form is hardly noticeable to any viewer (it looks like a normal URL):

http://urvulnerablewebsite-app.domain/xss/example.php?name=kardashian_sex_tape%3Cp%20onmouseover=alert%28%27XSS%27%29%3Eer%3C/p%3E 


The link above (leave the sex tape outta this), unlike the first one, does not use a <script> tag and is mostly URL-encoded; the page simply loads without any immediate effect until you hover your mouse over the injected element :) !!! And what's the worst that can happen? Owwww, I dunno, maybe... a fake login page injected into a social site or online bank, your legitimate cookies retrieved from your browser :), or being made to perform arbitrary actions on the web app without your consent (well, your knowing consent).
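To make the point concrete, here is an added example (not from the original post) that decodes the `name` parameter of the two kinds of URL shown above, reflects it once without encoding and once with HTML encoding, and checks the result for injected tags or on* handlers. The host example.invalid and the prefix "video" in the constructed URLs are placeholders standing in for the post's own link.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed inputs mirroring the post's two payloads: a plain <script> tag and the
# URL-encoded onmouseover variant that looks like a harmless link at first glance.
SAMPLE_URLS = [
    "http://example.invalid/xss/example.php?name=<script>alert(1);</script>",
    "http://example.invalid/xss/example.php?name=video%3Cp%20onmouseover=alert%28%27XSS%27%29%3Eer%3C/p%3E",
]


def name_param(url: str) -> str:
    """Return the percent-decoded `name` query parameter, as the server would see it."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "name":
            return unquote(value)
    return ""


def render_vulnerable(name: str) -> str:
    """Reflects the untrusted value unencoded: the missing-encoding bug the post describes."""
    return f"<p>Hello {name}</p>"


def render_safe(name: str) -> str:
    """Encodes for an HTML text context, so the value can only ever be displayed as text."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


class _TagCollector(HTMLParser):
    """Records every start tag and every on* attribute the browser would act on."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.lower().startswith("on"))


def is_clean(rendered: str) -> bool:
    """True if the page still has only our own <p> wrapper and no event handlers."""
    parser = _TagCollector()
    parser.feed(rendered)
    return parser.tags == ["p"] and not parser.handlers


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        value = name_param(url)
        print("decoded :", value)
        print("unsafe  :", render_vulnerable(value), "->", "clean" if is_clean(render_vulnerable(value)) else "INJECTED")
        print("encoded :", render_safe(value), "->", "clean" if is_clean(render_safe(value)) else "INJECTED")
```

Decoding the query string first is also the cheapest detection step: the onmouseover payload is invisible in the raw URL but obvious once the percent-encoding is undone.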

More about this attack can be found in the OWASP XSS cheat sheet, which also covers filter evasion and, even more usefully, how to protect yourself... PEACE... am out
