Download presentation
Presentation is loading. Please wait.
1
Cross-Site Scripting Travis Deyarmin
2
What is XSS Web app vulnerability Allows remote script execution
A form of code injection Can vary in impact
3
Different XSS Persistent Reflected Stored by the server
Runs whenever the page is loaded Can be coupled with viruses/worms Usually more severe Reflected Much more common Harder to leverage into deeper exploit Usually visible in the URL
4
What this means to Network Security
XSS can be used to gain admin or user passwords or cookies which then could be used to upload viruses and whatnot Compromise servers
6
Capabilities The sky is the limit, or rather your imagination is the limit XSS can be used in conjuncture with phishing, SQL and HTML injection, and/or viruses and worms. Session jacking
8
Stored XSS Session Jacking
9
Time for a Demo! <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
10
Time for a Demo! Example Example2
"><img+onerror="alert(String.fromCharCode(84,104,105,115,32,105,115,32,97,32,112,114,111,111,102,32,111,102,32,99,111,110,99,101,112,116,32,88,83,83,32,97,116,116,97,99,107,32,58,41))"+src="blah.png">
11
Prevention If this is so easy to do, how can I protect my site?
Stored functions – eliminate certain tags Filters Magic Quotes
12
Filtering Black Listing White Listing
Saying only alphanumeric and certain punctuations are allowed. May annoy legitimate users who are trying, lets say, to use a contraction but the single quote is being blocked. Blocking tags like <SCRIPT> or the alert function in javascript This leaves open attacks that are disguised as images. (or whatever else the hacker may think of)
13
Circumventing filters
If say, the word “script” is filtered out, there are a few ways around this. If it’s case sensitive then alternating camel case could get around it. Ex. sCrIpT If they only filter the input once then placing the word inside itself. Ex. scrSCRIPTipt
14
Circumventing cont’ Convert to Unicode, hex, or salt the vector with vectors Buffer Overflow (usually with A’s) with payload and vector attached to the end of your string HTML entities. Ex. < , &
15
Sources OWASP Top 10 Vulnerabilities
The Web Application Hacker’s Handbook Wikipedia Zack Garcia
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.