Cross Site Scripting (XSS)

Posted on October 21, 2012. Filed under: SANS Dev 541 |


Cross Site Scripting (XSS) is the most common vulnerability in websites today. Dynamic web applications allow users to post input to the website. If a user puts JavaScript into that input, then when the input is redisplayed in another user's browser, the browser interprets the JavaScript as actual code rather than displaying it on the screen as text. A web application can prevent this kind of attack by limiting the kinds of input it accepts, checking for the presence of malicious characters, or encoding its output.

There are two types of XSS attacks.

  • Stored XSS. This is where an attacker can upload input containing a malicious script to the web application. The malicious script is then stored on the server and displayed in every browser that accesses a particular page. For example, on a bulletin board, a user enters a message that contains a malicious script; that message is then displayed on the board, and the script executes in all the browsers that visit that page.
  • Reflected XSS. This is where a site immediately redisplays the user input without storing it on a given page. For example, a user visits a malicious site, and a malicious input is sent to the vulnerable website on behalf of the user. The response page then executes automatically in the client's browser. Sometimes the JavaScript reads the user's session and sends it to the attacker's website.

Let's have a case study and see how a hacker uses XSS to steal a bank customer's bank account.

Example:

In the following xss.jsp, the value of the request parameter “ID” is displayed in the response page:

<html><%=request.getParameter("ID") %></html>

If an attacker issues a request whose parameter contains JavaScript, as in the following URL, the browser's cookie (which often contains the session identifier) may be stolen:

http://host/xss.jsp?ID=<script>alert(document.cookie)</script>
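As an added example (not code from the original post), here is the same echo written in plain Java next to a hardened version that applies two of the defences named above, input validation and output encoding; the class name, the digits-only rule for ID and the payload string are assumptions made for the demonstration:

```java
import java.util.regex.Pattern;

public class XssDemo {
    // Constructed attacker input: the same payload as the example URL above.
    static final String PAYLOAD = "<script>alert(document.cookie)</script>";

    // Allow-list validation (assumption): an account ID is expected to be digits only.
    static final Pattern ID_PATTERN = Pattern.compile("^[0-9]{1,12}$");

    static boolean isValidId(String id) {
        return id != null && ID_PATTERN.matcher(id).matches();
    }

    // Output encoding for an HTML text context: the characters that can change
    // the meaning of the markup are replaced by entities, so the browser shows them as text.
    static String encodeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // What xss.jsp does: the raw parameter is concatenated into the markup.
    static String vulnerablePage(String id) {
        return "<html>" + id + "</html>";
    }

    // Hardened equivalent: reject anything that is not an ID, and encode what is echoed.
    static String hardenedPage(String id) {
        if (!isValidId(id)) {
            return "<html>Invalid ID</html>";
        }
        return "<html>" + encodeForHtml(id) + "</html>";
    }

    public static void main(String[] args) {
        System.out.println("vulnerable: " + vulnerablePage(PAYLOAD));
        System.out.println("hardened:   " + hardenedPage(PAYLOAD));
        System.out.println("encoded:    " + encodeForHtml(PAYLOAD));
    }
}
```

The vulnerable output contains the script tag verbatim, while the encoded output renders it as literal text; the validation step would reject the payload before it reaches the page at all.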