Saturday, November 8, 2008

Cross Site Scripting (XSS)

XSS, or Cross Site Scripting, is the other major vulnerability that dominates the web hacking landscape, and it is an exceptionally tricky customer that seems particularly difficult to stop. Microsoft, MySpace, Google… all the big kahunas have had problems with XSS vulnerabilities. It is somewhat more complicated than SQL Injection, so we’ll just have a quick look to get a feel for it.
XSS is about (usually) malicious JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.

Picture the scene: you’re there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. ‘Me nice gurl’, she says. You’ve always wondered where those links actually go, so you say what the hell. You hover over the link, and it looks like this in the information bar:

[%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]

Hmmm…what the hell, let’s give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.

When a link in an IM, email, forum or message board is hex-encoded like the one above, it could contain just about anything: the information bar shows only the escaped form, not the text the escapes stand for.
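As an added example (not code from the original post), here is a small JavaScript helper that a reader or forum moderator could use to see what a hex-encoded link like the one described above stands for before following it. The function names, the pattern list and the sample link are constructed for illustration.

```javascript
// Added example: reveal what a percent-encoded ("hexed") link hides.
// Pattern list, function names and SAMPLE are assumptions made for this sketch.
const SUSPICIOUS = [
  ["script tag", /<\s*script/i],
  ["javascript: URI", /javascript\s*:/i],
  ["cookie access", /document\s*\.\s*cookie/i],
  ["redirect via location", /\blocation\s*(\.\s*href)?\s*=/i],
];

// Decode %XX escapes repeatedly (bounded) so double encoding is exposed too.
// Each escape is decoded on its own, so one malformed escape cannot abort
// the run the way decodeURIComponent() would. Bytes are read as Latin-1.
function fullyDecode(s, maxRounds = 5) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    const next = cur.replace(/%([0-9a-fA-F]{2})/g, (_, h) =>
      String.fromCharCode(parseInt(h, 16)));
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

function inspectLink(href) {
  const q = href.indexOf("?");
  const tail = q >= 0 ? href.slice(q + 1) : href;
  const escapes = (tail.match(/%[0-9a-fA-F]{2}/g) || []).length;
  // Share of the query string that consists of %XX escapes.
  const encodedRatio = tail.length ? (escapes * 3) / tail.length : 0;
  // Letters and digits never need escaping; doing so only hides the text.
  const needlessEscapes =
    /%(3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])/i.test(tail);
  const decoded = fullyDecode(href);
  const findings = SUSPICIOUS.filter(([, re]) => re.test(decoded))
    .map(([name]) => name);
  return { decoded, encodedRatio, needlessEscapes, findings };
}

// Constructed sample: every payload character escaped, as in the link above.
const hexAll = (s) =>
  [...s].map((c) => "%" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
const SAMPLE = "http://board.example/go?u=" +
  hexAll("<script>location='http://ads.example/'</script>");

console.log(inspectLink(SAMPLE));
```

The pattern list is a heuristic for triage, not a filter: a link that produces no findings is not thereby safe, and the application that reflects the parameter still has to encode its output.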

Stealing cookies is just the tip of the iceberg, though: XSS attacks through links, through embedded code on a page, or even through a bulletin-board post can do a whole lot more, with a little imagination.

XSS is mostly of concern to consumers and to developers of web applications.

Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is… you run a small university and you want to give the undergraduate students something to do.

Authorization bypass, to gain access to the admin backend of an application whose login check runs only in client-side JavaScript, can be as simple as this:

* Find weak target login page.
* View source. Copy to notepad.
* Delete the authorization JavaScript, amend a link or two.
* Save to desktop.
* Open on desktop. Enter anything into login fields, press enter.

1 comment:

Alex said...

Loved the way you have shared your views, thanks a lot for sharing, will surely bookmark this wonderful resource