Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross-Site Scripting Travis Deyarmin.

Published byLeo Parrish Modified over 6 years ago

Similar presentations

Presentation on theme: "Cross-Site Scripting Travis Deyarmin."— Presentation transcript:

1 Cross-Site Scripting Travis Deyarmin

2 What is XSS Web app vulnerability Allows remote script execution
A form of code injection Can vary in impact

3 Different XSS Persistent Reflected Stored by the server
Runs whenever the page is loaded Can be coupled with viruses/worms Usually more severe Reflected Much more common Harder to leverage into deeper exploit Usually visible in the URL

4 What this means to Network Security
XSS can be used to gain admin or user passwords or cookies which then could be used to upload viruses and whatnot Compromise servers

5

6 Capabilities The sky is the limit, or rather your imagination is the limit XSS can be used in conjuncture with phishing, SQL and HTML injection, and/or viruses and worms. Session jacking

7

8 Stored XSS Session Jacking

9 Time for a Demo! <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

10 Time for a Demo! Example Example2
"><img+onerror="alert(String.fromCharCode(84,104,105,115,32,105,115,32,97,32,112,114,111,111,102,32,111,102,32,99,111,110,99,101,112,116,32,88,83,83,32,97,116,116,97,99,107,32,58,41))"+src="blah.png">

11 Prevention If this is so easy to do, how can I protect my site?
Stored functions – eliminate certain tags Filters Magic Quotes

12 Filtering Black Listing White Listing
Saying only alphanumeric and certain punctuations are allowed. May annoy legitimate users who are trying, lets say, to use a contraction but the single quote is being blocked. Blocking tags like <SCRIPT> or the alert function in javascript This leaves open attacks that are disguised as images. (or whatever else the hacker may think of)

13 Circumventing filters
If say, the word “script” is filtered out, there are a few ways around this. If it’s case sensitive then alternating camel case could get around it. Ex. sCrIpT If they only filter the input once then placing the word inside itself. Ex. scrSCRIPTipt

14 Circumventing cont’ Convert to Unicode, hex, or salt the vector with vectors Buffer Overflow (usually with A’s) with payload and vector attached to the end of your string HTML entities. Ex. < , &

15 Sources OWASP Top 10 Vulnerabilities
The Web Application Hacker’s Handbook Wikipedia Zack Garcia

Download ppt "Cross-Site Scripting Travis Deyarmin."

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Webgoat.

Webgoat.
Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.

Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.
March Intensive: XSS Exploits

March Intensive: XSS Exploits
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?

CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.

Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.
Cosc 4765 Server side Web security. Web security issues From Cenzic Vulnerability report 2014 https://info.cenzic.com/2013-Application-Security-Trends-Report.html.

Cosc 4765 Server side Web security. Web security issues From Cenzic Vulnerability report

Similar presentations

Ads by Google