XSS Shell by Vandan Joshi


Abstract of the paper: Cross-site scripting (XSS) attacks are considered one of the most dangerous attacks. When an application accepts unvalidated user input and sends it back to the browser without validation, it gives attackers an opportunity to execute malicious scripts in victims' browsers. Using this attack vector, malicious users can hijack user accounts, deface websites, carry out phishing attacks, etc. XSS Shell is a cross-domain tool for carrying out an XSS attack in a more controlled manner. It is used to set up a channel between the attacker and the victim's browser and to control the victim's browser.
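The contrast the abstract describes, as an added example that is not taken from the slides: a page that echoes input verbatim next to one that HTML-encodes it at the sink and sends a Content-Security-Policy header. The function names, the sample input and the assumption that the injected script would be loaded from another origin are constructed for this illustration.

```javascript
// Added example (not from the slides): reflected output with and without encoding.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the search term is sent back to the browser unmodified.
function renderVulnerable(term) {
  return `<p>Results for: ${term}</p>`;
}

// "After": the same page with output encoding applied where the value is written.
function renderHardened(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Headers for the hardened response. script-src 'self' (without 'unsafe-inline')
// makes the browser refuse inline scripts and scripts from other origins, so a
// missed encoding step elsewhere does not by itself let a foreign script load.
function hardenedHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// True when the markup still contains a live <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input; other-origin.invalid is a placeholder host.
const SAMPLE_INPUT = '<script src="https://other-origin.invalid/x.js"></script>';

console.log('vulnerable:', renderVulnerable(SAMPLE_INPUT));
console.log('hardened:  ', renderHardened(SAMPLE_INPUT));
console.log('headers:   ', hardenedHeaders());
```

Encoding is the primary fix; the policy header is a second layer and only helps in browsers that enforce it.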


  1. XSS Shell, Vandan Joshi
  2. Introduction
     • Consultant – Information Security, SecurEyes Techno Services Ltd
     • MBA in Networks and IT Infrastructure
     • Learner
  3. Agenda
     • Introduction
     • XSS Types
     • XSS Shell
     • Demo
  4. Cross Site Scripting
     • Included in OWASP Top 10 – 2010
     • Available at owasp.org
  5. Cross Site Scripting
     • Very easy to exploit
     • Widespread
     • JavaScript exploit
     • Vulnerable on any platform
     • Target – users' web browsers
     • Considered a script injection attack
     • Malicious scripts run in other users' browsers
  6. Cross Site Scripting
     • Introduction
     • Impacts
     • Remediations that don't work
  7. Cross Site Scripting Demo
     • Reflective XSS
     • Stored XSS
  8. Demo by Hackersbank vulnerable application
  9. XSS Shell
     • XSS Shell server
     • The client-side JavaScript
     • XSS Shell's administrative interface
  10. XSS Shell demo by BeEF and Hackers Bank application
