Sudikoff

This past week, I worked at the Sudikoff building at Dartmouth, which houses the computer science department. More specifically, I worked in the computer science lab every day and spent my time researching and learning about a very popular web hacking technique called XSS (cross-site scripting).
Sergey Bratus

- ISTS' Chief Security Advisor and a Postdoctoral Research Assistant Professor in the Computer Science Department at Dartmouth College
- Taught the "Computer Security and Privacy" course
- Undergraduate education at the Moscow Institute of Physics and Technology (AKA Moscow Phystech), and his Ph.D. at Northeastern University (1999)

I have been learning from a man named Sergey for the past couple of months and thought I would take this opportunity to work full time on a project with him. We have been working entirely on computer security, whether network or hardware. I asked him what I could spend a week working on, he offered this topic, and I found it very interesting. So I worked on researching and coding my own examples of cross-site scripting on a website that I hosted locally on my computer.
Type 1

- Known as non-persistent or reflected
- The most common type
- Arises when server-side scripts generate a page of results using the data from the web client for the user
- An attacker could embed this URL in an , posing a situation and enticing the victim to click on it

This type of vulnerability is known as non-persistent or reflected. This is the most common type. This vulnerability arises when server-side scripts generate a page of results using the data from the web client for the user. In layman's terms, it's when the website uses the victim's information, in many cases the URL, to generate a page for them. If unvalidated user-supplied data is included in the resulting page without HTML encoding, this allows client-side code to be injected into the dynamic page. Using this technique and a little social engineering, an attacker could embed this URL in an , posing a situation enticing the victim to click on it, and the victim's browser would then run whatever commands the attacker put there.
Type 2

- Known as stored, persistent, or second order
- Most powerful type of XSS attack
- Can be made when data provided to a web app by a user is stored in a database or file system and can be accessed later by different users
- Forums are an example of a Type 2 target

This type of vulnerability is also known as stored, persistent, or second order. This is the most powerful type of XSS attack. This exploit can be made when data provided to a web application by a user is stored in a database or file system and can be accessed later by different users. An example of this: a malicious user logs onto a blogging site that has a forum viewed by many others. The user writes a response on the forum that looks very normal, with text similar to other responses, but then adds code that will be executed when someone views her post. This can be used to affect a large number of people with a single injection.
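To make the Type 1 and Type 2 descriptions above concrete, here is a small added example (my own illustration, not code from the presentation or from the site I hosted): a reflected search page and a stored forum page, each rendered once without and once with the HTML encoding the Type 1 slide mentions. The function names, the list standing in for the database, and the sample input with a script tag are all constructed for this example.

```python
import html

# Constructed sample input: what a user might put in the search parameter or
# in a forum post. It carries a script tag so we can see whether a rendering
# hands it to the browser as markup or as harmless text.
TAINTED = '<script>x()</script>'


def render_search_unsafe(query: str) -> str:
    """Type 1 (reflected): the server echoes the query straight into the HTML."""
    return f"<h1>Results for {query}</h1>"


def render_search_safe(query: str) -> str:
    """Same page, but user data is HTML-encoded before it goes into the markup."""
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


# Type 2 (stored): posts live in a "database" (a plain list here) and are shown
# to every later visitor, so a single bad post reaches many browsers.
FORUM_DB: list[str] = []


def add_post(text: str) -> None:
    """Store the post exactly as submitted; encoding belongs at output time."""
    FORUM_DB.append(text)


def render_forum_unsafe() -> str:
    """Every visitor gets each stored post inserted verbatim into the page."""
    return "<ul>" + "".join(f"<li>{post}</li>" for post in FORUM_DB) + "</ul>"


def render_forum_safe() -> str:
    """Same page, with each post HTML-encoded on the way out."""
    return "<ul>" + "".join(
        f"<li>{html.escape(post, quote=True)}</li>" for post in FORUM_DB
    ) + "</ul>"


def contains_live_script(page: str) -> bool:
    """Crude check used to compare the two renderings: a literal "<script" tag
    is something the browser would execute; "&lt;script" is just text."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("reflected, unsafe:", render_search_unsafe(TAINTED))
    print("reflected, safe:  ", render_search_safe(TAINTED))
    add_post("Totally agree with the post above.")
    add_post("Nice thread! " + TAINTED)
    print("stored, unsafe:", render_forum_unsafe())
    print("stored, safe:  ", render_forum_safe())
```

The only difference between each unsafe and safe pair is `html.escape` applied at output time; the stored case shows why encoding on output (rather than trusting what was stored) matters, since the same post is rendered for every reader.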
How can it be used?

- Cookies!!
- Allows access to previous sessions
- Certain logon information
- Worms, Phishing, Spamming, Oh My!

It is used frequently to steal a victim's cookies. Cookies are small pieces of data sent from a website and stored in a user's browser while the user is browsing a website. When the user browses the same website in the future, the data can be retrieved by the website. They are designed to remember the state or activities that the user had before leaving. This can include clicking buttons, logging in, or a record of what pages you visited in the past. If an attacker got this, he could impersonate his victim and use it to log into the victim's previous session. The main reason to use XSS is to obtain data from the victim to use at the attacker's leisure.
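Since the slide's point is that cookies carry the session, the defender's counterpart is how the session cookie is issued. The added example below (my own, not from the presentation) builds a Set-Cookie header with the attributes that keep an injected script from reading the cookie, and audits any Set-Cookie header for the ones that are missing. Function names and the sample cookie values are constructed for this example; the HttpOnly, Secure and SameSite attributes are standard cookie attributes.

```python
from typing import Dict, List, Optional, Tuple


def build_session_cookie(session_id: str, max_age: int = 3600) -> str:
    """Return the value of a Set-Cookie header for a session cookie.

    HttpOnly: the browser will not expose the cookie to document.cookie, so
              script injected into the page cannot read it (the browser still
              sends it with requests, so the site keeps working).
    Secure:   only sent over HTTPS.
    SameSite: not attached to most cross-site requests.
    """
    return (
        f"session={session_id}; Path=/; Max-Age={max_age}; "
        "HttpOnly; Secure; SameSite=Lax"
    )


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, Optional[str]]]:
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, Optional[str]] = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        elif part:
            attrs[part.lower()] = None
    return name, attrs


def audit_set_cookie(header: str) -> List[str]:
    """Return findings for a Set-Cookie header; an empty list means hardened."""
    name, attrs = parse_set_cookie(header)
    findings: List[str] = []
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, readable by injected script")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, sent over plain HTTP")
    samesite = (attrs.get("samesite") or "").lower()
    if samesite not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict, sent on cross-site requests")
    return findings


def script_visible_cookies(headers: List[str]) -> List[str]:
    """Model the browser rule the slide depends on: document.cookie shows only
    cookies that were set without HttpOnly."""
    visible = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if "httponly" not in attrs:
            visible.append(name)
    return visible


if __name__ == "__main__":
    # Constructed sample headers: one hardened, one typical default.
    hardened = build_session_cookie("constructed-session-id")
    weak = "sid=abc123; Path=/"
    print(hardened)
    for finding in audit_set_cookie(weak):
        print("finding:", finding)
    print("visible to document.cookie:", script_visible_cookies([hardened, weak]))
```

`audit_set_cookie` is the kind of check that can be run over a site's responses in a proxy log or a test suite; `script_visible_cookies` only models the browser rule, so a cookie flagged there is one an XSS injection could exfiltrate.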