XSS Shell by Vandan Joshi


Abstract of the paper: Cross-site scripting (XSS) attacks are considered one of the most dangerous attacks. When an application accepts unvalidated user input and sends it back to the browser without validation, it gives attackers an opportunity to execute malicious scripts in victim users' browsers. Using this attack vector, malicious users can hijack user accounts, deface websites, carry out phishing attacks, etc. XSS Shell is a cross-domain tool for carrying out an XSS attack in a more controlled manner. It is used to set up a channel between the attacker and the victim's browser and to control the victim's browser.



Transcript

  • 1. XSS Shell. Vandan Joshi
  • 2. Introduction
      • Consultant – Information Security, SecurEyes Techno Services Ltd
      • MBA in Networks and IT Infrastructure
      • Learner
  • 3. Agenda
      • Introduction
      • XSS Types
      • XSS Shell
      • Demo
  • 4. Cross Site Scripting: included in OWASP Top 10 – 2010. Available at owasp.org
  • 5. Cross Site Scripting
      • Very easy to exploit
      • Widespread
      • JavaScript exploit
      • Vulnerable to any platform
      • Target – users' web browser
      • Considered as a script injection attack
      • Malicious scripts run in other users' browsers
  • 6. Cross Site Scripting
      • Introduction
      • Impacts
      • Remediations that don't work
  • 7. Cross Site Scripting Demo
      • Reflective XSS
      • Stored XSS
  • 8. Demo by Hackersbank vulnerable application
  • 9. XSS Shell
      • XSS Shell server
      • The client-side JavaScript
      • XSS Shell's administrative interface
  • 10. XSS Shell demo by BeEF and Hackers Bank application
