Blind xss

Researcher: Adam Baldwin
Conference Presented: DEFCON 20

A flavor of cross-site scripting in which the attacker "blindly" deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (such as a database or a log file).

Presentation Transcript

• Researcher: Adam Baldwin
• Conference Presented: DEFCON 20

• Reflected
• Persistent (stored)
• DOM

• It is a flavor of cross-site scripting in which the attacker "blindly" deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (such as a database or a log file).
• Then, without knowing where the payloads have ended up or whether they will ever be executed, the attacker waits for the payloads to be pulled out of storage and rendered on a web page loaded by a user.
• In fact it would be BLIND-STORED XSS.

• A persistent type of XSS that relies on vulnerabilities in the code of the target web pages, which allow malicious scripts inserted into web controls to be saved by the server in a database or web site file.
• These are then "served" to other users as part of HTML page responses, without being "sanitized" first.

• The payload gets sent to a database; all input to the application is being stored somewhere and is going to be used by different tools.
• It is also going to be used in different contexts by different developers.
• It could be minutes, days, months or even years before it executes (if it executes at all)...
• Historical data. A good example would be chat sites, etc.
• An admin might think something is fishy with a user's account, so the admin goes back and looks at the account: opens the database, opens the profile, and renders the payload in the page, which calls the XSS back to the attacker.
• Targets: log viewers, exception handlers, anywhere that an admin or owner can go back and view old records.

• Link to tutorial
• Demonstration that Adam Baldwin did at DEFCON 20 using xss.io to identify blind XSS vectors, quickly build reusable exploits and use the referrer redirect feature to shorten payload length.
• http://vimeo.com/46897322

• "Don't mind me, I'm just going to hang out for a few decades until a programmer makes a mistake." But the fact is that programmers will make the mistake!
• Some people previously called this unverified XSS and then explained how it can be verified by looking through the logs.
• At the end of the day the vulnerability is BLIND.

• Code review: ensure that any user input is properly sanitized. If this is not done, there is a risk that user input is not stripped of any scripting tags before being saved to storage or served to the user's browser.
• Never trust data provided.
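As an added illustration (not from the slides and not Adam Baldwin's code), here is a minimal admin log viewer of the kind the talk names as a target, in its vulnerable form beside its hardened form: a stored User-Agent string is rendered to the admin straight from storage, and the fix is to HTML-encode at output time rather than trusting whatever was saved. The log records and the marker string are constructed sample data.

```python
import html

# Constructed sample records, standing in for what a request log table might hold.
# The second user_agent is a harmless constructed marker, not a working payload.
LOG_RECORDS = [
    {"ip": "198.51.100.7", "user_agent": "Mozilla/5.0 (X11; Linux x86_64)"},
    {"ip": "203.0.113.9", "user_agent": "<script>/*constructed marker*/</script>"},
]


def render_log_row_unsafe(record):
    """The vulnerable 'before': a stored field is concatenated straight into HTML.

    Nothing was checked when the header was logged, and nothing is checked here,
    so whatever reached storage reaches the admin's browser as live markup."""
    return f"<tr><td>{record['ip']}</td><td>{record['user_agent']}</td></tr>"


def render_log_row_safe(record):
    """Hardened form: entity-encode every stored value at output time.

    Encoding belongs at the point of rendering, because the code that logged the
    header cannot know in which context (HTML body, attribute, JS) a future tool
    will display it. quote=True also covers the attribute context."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(record["ip"], quote=True),
        html.escape(record["user_agent"], quote=True),
    )


def render_log_page(records, renderer):
    """Assemble the admin page from one row renderer; used to compare both forms."""
    rows = "".join(renderer(r) for r in records)
    return f"<table><tr><th>IP</th><th>User-Agent</th></tr>{rows}</table>"


def contains_active_markup(rendered_html):
    """Crude output check used only to show the difference: did a tag survive?"""
    return "<script" in rendered_html.lower()
```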