SECURE CODE
TRAINING
Cross Site Scripting
DAVID CERVIGNI
IT SECURITY CONSULTANT AND
PCI CODE REVIEWER
What is XSS?
Cross-site scripting (XSS) is a code injection attack that allows
an attacker to execute malicious JavaScript in another user's
browser.
The attacker does not directly target his victim. Instead, he
exploits a vulnerability in a website that the victim visits, in
order to get the website to deliver the malicious JavaScript for
him. To the victim's browser, the malicious JavaScript appears
to be a legitimate part of the website, and the website has
thus acted as an unintentional accomplice to the attacker.
How the malicious JavaScript is injected
The script assumes that a comment consists only of text. However, since
the user input is included directly, an attacker could submit this comment:
"<script>...</script>". Any user visiting the page would now receive the
following response:
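To make the direct-inclusion defect concrete, here is an added example (not code from the original slides or from excess-xss.com), written for Node.js: a comment is rendered into a page first by raw string concatenation, as the vulnerable script does, and then with output encoding for the HTML body context. The function names, the template markup and the sample comment are assumptions made for this example.

```javascript
// Added example (not from the original slides): rendering a user comment
// into an HTML page, first the vulnerable way (raw concatenation) and then
// with output encoding for the HTML body context. Function names, the
// template and the sample comment are this example's own assumptions.

// Encode the five characters that can change meaning in an HTML text or
// quoted-attribute context. After encoding, the browser's parser treats the
// value as literal text, so a comment can never open a <script> element.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  })[ch]);
}

// Vulnerable: the comment is dropped straight into the markup, so anything
// that looks like HTML to the browser is parsed as HTML.
function renderCommentUnsafe(comment) {
  return '<html><body><div class="comment">' + comment + '</div></body></html>';
}

// Hardened: same template, but the comment is encoded for the context it
// lands in (HTML body), so it reaches the browser as text.
function renderCommentSafe(comment) {
  return '<html><body><div class="comment">' + escapeHtml(comment) + '</div></body></html>';
}

// Constructed sample comment in the shape the slide describes.
const sampleComment = '<script>...</script>';

// Self-check: does each rendering still contain a live <script> tag?
function demo() {
  return {
    unsafeHasScript: /<script>/i.test(renderCommentUnsafe(sampleComment)),
    safeHasScript: /<script>/i.test(renderCommentSafe(sampleComment)),
  };
}

console.log(demo());
```

The encoding shown is correct for the HTML body and for quoted attribute values only; a value placed inside a JavaScript block, an unquoted attribute, a URL or a CSS property needs the encoder for that context, which is why template engines expose context-aware escaping rather than one generic function.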
What is malicious JavaScript?
JavaScript runs in a very restricted environment that has extremely limited
access to the user's files and operating system … BUT
The possibility of JavaScript being malicious becomes more clear when you
consider the following facts:
• JavaScript has access to some of the user's sensitive information, such as
cookies.
• JavaScript can send HTTP requests with arbitrary content to arbitrary
destinations by using XMLHttpRequest and other mechanisms.
• JavaScript can make arbitrary modifications to the HTML of the current
page by using DOM manipulation methods.
These facts combined can cause very serious security breaches, as we will
explain next.
XSS consequences
• Cookie theft: The attacker can access the victim's cookies associated with
the website using document.cookie, send them to his own server, and use
them to extract sensitive information like session IDs.
• Keylogging: The attacker can register a keyboard event listener
using addEventListener and then send all of the user's keystrokes to his
own server, potentially recording sensitive information such as passwords
and credit card numbers.
• Phishing: The attacker can insert a fake login form into the page using
DOM manipulation, set the form's action attribute to target his own
server, and then trick the user into submitting sensitive information.
Actors in an XSS attack
• The website serves HTML pages to users who request them. In our
examples, it is located at http://website/.
– The website's database is a database that stores some of the user
input included in the website's pages.
• The victim is a normal user of the website who requests pages from
it using his browser.
• The attacker is a malicious user of the website who intends to
launch an attack on the victim by exploiting an XSS vulnerability in
the website.
– The attacker's server is a web server controlled by the attacker for the
sole purpose of stealing the victim's sensitive information. In our
examples, it is located at http://attacker/.
An example attack scenario
Stealing the cookie:
The URL includes the victim's cookies as a
query parameter, which the attacker can
extract from the request when it arrives at his
server. Once the attacker has acquired the
cookies, he can use them to impersonate the
victim and launch further attacks.
Types of XSS
• Persistent XSS, where the malicious string
originates from the website's database.
• Reflected XSS, where the malicious string
originates from the victim's request.
• DOM-based XSS, where the vulnerability is in
the client-side code rather than the server-side code.
Reflected XSS
How the attacker delivers a reflected XSS URL
• If the attacker targets a specific individual, the
attacker can send the malicious URL to the victim
(using e-mail or instant messaging, for example)
and trick him into visiting it.
• If the attacker targets a large group of people, the
attacker can publish a link to the malicious URL
(on his own website or on a social network, for
example) and wait for visitors to click it.
Stored XSS
DOM-based XSS
<body>
  <!-- Source: location.href comes from the URL the victim was sent to;
       sink: document.write inserts the string into the page as HTML -->
  <script>document.write(location.href);</script>
</body>
DOM XSS, sources
<body>
  <p>Hello my window name is:
    <!-- Source: window.name can be set by whichever page opened this window;
         sink: document.write inserts it into the page as HTML -->
    <script>document.write(window.name);</script>
  </p>
</body>
DOM XSS, sinks
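As an added example (not from the slides), a small code-review aid in JavaScript that flags lines where one of the DOM XSS sources shown above (location.href, window.name and a few others) appears together with a sink such as document.write or innerHTML. The source and sink lists, the function name and the sample input are this example's assumptions; it is a line-level heuristic, not taint tracking, so it misses flows that span several lines and may flag some safe uses.

```javascript
// Added example (not from the original slides): a line-level heuristic that
// flags client-side code where a DOM XSS source and a DOM XSS sink occur on
// the same line. Lists, names and sample input are this example's own; it is
// a triage aid for code review, not a data-flow (taint) analysis.

// Attacker-influenced inputs the page reads from its environment.
const DOM_SOURCES = [
  'location.href', 'location.search', 'location.hash',
  'document.URL', 'document.referrer', 'window.name',
];

// APIs that interpret a string as HTML or as code.
const DOM_SINKS = [
  'document.write', 'document.writeln', '.innerHTML', '.outerHTML',
  '.insertAdjacentHTML', 'eval(',
];

// Returns one finding per line that mentions at least one source and at
// least one sink. A line that only assigns to textContent or innerText
// produces no finding, which is the intended safe pattern.
function findDomXssCandidates(jsSource) {
  const findings = [];
  jsSource.split('\n').forEach((text, idx) => {
    const sources = DOM_SOURCES.filter((s) => text.includes(s));
    const sinks = DOM_SINKS.filter((s) => text.includes(s));
    if (sources.length && sinks.length) {
      findings.push({ line: idx + 1, sources, sinks, text: text.trim() });
    }
  });
  return findings;
}

// Constructed sample: the two snippets from the slides plus a safe rewrite
// of the second one that writes the value as text instead of HTML.
const SAMPLE_JS = [
  'document.write(location.href);',
  'document.write(window.name);',
  "document.getElementById('greeting').textContent = window.name;",
].join('\n');

console.log(findDomXssCandidates(SAMPLE_JS));
```

Run against the sample, the first two lines are reported and the textContent line is not; in a real review the findings are the starting point for checking whether the value is encoded or validated before it reaches the sink.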
INTENSIVE COURSE
References:
https://excess-xss.com/