Cross Site Scripting – Part 1

2 things before we begin

  • Don’t confuse this with CSS (Cascaded StyleSheet). Some genius replaced the C with X thus giving it new identity i.e. XSS.
  • This one is going to be a theory part. we will see the demo in next part.. stay tuned.!

XSS is a client side vulnerability which allows the execution of script in the browser.The attacker can also load the script on the server side which will get executed whenever any user visits that site.

This is one of the most common vulnerability which might lead to:

  • Website defacement
  • Cookie stealing
  • History stealing
  • and much more..!!

TYPES:

  • Stored
  • Reflected
  • DOM based

We will be discussing them one by one:

REFLECTED:

In this attack the attacker manipulates the URL and embeds the script in the URL itself.

www.victim.com/logbasket.aspx?uid=alert(“H5p”)

The attackers are smart enough to change the above URL

  • URL shortener services e.g. tiny URL, goo.gl to name a few
  • Create a Hyperlink (Free movies) and provide the destination as the malformed URL.(EASY right..??)

This attack will work only if user clicks the link shared by the attacker. It’s better to navigate to the site manually and by not clicking unknown links.

STORED OR PERSISTENT:

This one is a more dangerous and wide spread.The attacker will upload the script on the server and everytime the page is visited or rendered the script will run.Manually navigating to the site will not work in this case.

Where to upload the script.?

Comments field is one common example.If input sanitation is not done the scripy will run everytime the page is loaded.

DOM BASED:

The script will try to alter the DOM or steal data from the DOM.

What is DOM..???   &   Why we need it..???

DOM stands for document object model.Some of you might be thinking that how can a JavaScript interact with HTML page?

Whenever a browser parses the HTML page it creates an internal model in the browser, this model contains all the elements of HTML- this is DOM.Now JavaScript interacts with the DOM and the page is changed dynamically. JS can add,remove,modify the elements and thus changing the page dynamically

DOM example

I will create a small HTML code below.

<!doctype html>
<html>
<head>
<title></title>
</head>
<body>
<h1>test</h1>
< Div>h2 test</hDiv>
</body>
</html>

For the above code DOM will be created in the browser as below

DOM.PNG

Hackers found that they can forcibly load another web site into an HTML frame within the same browser window. Now using the JS they can cross the boundaries between the two web pages thus reading the data from one page into another.This way JS is empowered to manipulate the DOM.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s