Blind XSS & Click Jacking


Published on: null Mumbai Chapter December 2012 meet

Published in: Education


Transcript

  • 1. Vinesh Redkar
  • 2. Vinesh Redkar (Security Analyst) at NII Consulting Research. Found Stored XSS on Paypal, Rediffmail. http://securityvin32.blogspot.com vineshredkar89@gmail.com
  • 3. Introduction
      – What is Cross-Site Scripting
      – Types of Cross-Site Scripting
      – What is Blind XSS
      – Demo of Blind XSS
      – Impact of XSS
      – Mitigation of XSS
  • 4. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into web sites. Types of Cross-Site Scripting:
      – Reflected XSS (non-persistent)
      – Stored XSS (persistent)
      – DOM XSS
  • 5. (Diagram: an application with stored XSS; labelled modules Administration, Transactions, Accounts, Finance, Communication Bus, E-Commerce, Knowledge Mgmt, Custom Code.)
      – 1. Attacker sets the trap ("update my profile"): the attacker enters a malicious script into a web page that stores the data on the server.
      – 2. (label only: Custom Code)
      – 3. Script runs inside the victim's browser with full access to the DOM and cookies; the script silently sends the victim's session cookie to the attacker.
  • 6. The XSS attack's first target is the client:
      – The client trusts the server (does not expect an attack)
      – The browser executes the malicious script
    But the second target is the company running the server:
      – Loss of public image (blame)
      – Loss of customer trust
      – Loss of money
  • 7. Blind XSS
      – What is it?
      – Using it in penetration tests
      – Challenges
  • 8. It's not like blind SQLi, where you get immediate feedback. You don't even know whether your payload will execute (or when!). You must think ahead about what you want to accomplish ... and you have to be listening.
  • 9. 1. Carefully choose the right payload for the right situation. 2. Get lucky! 3. Patience.
  • 10. Where blind XSS input ends up being rendered:
      – log viewers
      – exception handlers
      – customer service apps (chats, tickets, forums, etc.)
      – anything moderated
    For the demo we used a feedback page.
  • 11. A malicious user can use XSS to steal credentials or silently redirect to malicious pages, which can aid in further exploitation. A cross-site scripting attack can result in the following:
      – 1. Account hijacking
      – 2. Malicious script execution
      – 3. Information theft
      – 4. Denial of service
      – 5. Browser redirection
      – 6. Manipulation of user settings
  • 12. Mitigation of XSS
      – Input validation
      – Output encoding: < → &lt; > → &gt; ( → &#40; ) → &#41; # → &#35; & → &#38;
      – Do not use "blacklist" validation
      – Specify the output encoding
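The output-encoding table from slide 12, carried through as an added Python example (this is not code from the presentation). The function and template names, the feedback template itself and the sample comment are assumptions constructed for the example; the point it shows is that stored text is encoded at the moment it is written into HTML, and that the six characters on the slide are each translated exactly once so an emitted entity's own `&` is never re-encoded.

```python
# Added example, not code from the presentation: output encoding for untrusted
# text placed in an HTML body, using the entity table from the mitigation slide.
import html

# Entity table exactly as listed on the slide.
ENTITY_TABLE = {
    "<": "&lt;",
    ">": "&gt;",
    "(": "&#40;",
    ")": "&#41;",
    "#": "&#35;",
    "&": "&#38;",
}

# str.translate maps every input character once, so the '&' inside an emitted
# entity is never re-encoded (a common bug with chained str.replace calls,
# where the order of the replacements decides whether "&lt;" becomes "&#38;lt;").
_TRANSLATION = str.maketrans(ENTITY_TABLE)


def encode_for_html(untrusted: str) -> str:
    """Return untrusted text with the slide's characters replaced by entities."""
    return untrusted.translate(_TRANSLATION)


def render_feedback(comment: str) -> str:
    """Place a stored feedback comment into an HTML fragment.

    The template is an assumption for this example; what matters is that the
    encoding happens here, at output time, not when the comment was stored.
    """
    return '<p class="feedback">' + encode_for_html(comment) + "</p>"


def render_feedback_unsafe(comment: str) -> str:
    """The defect the slides describe: stored text echoed without encoding."""
    return '<p class="feedback">' + comment + "</p>"


# Constructed sample: a feedback entry containing markup and the slide's
# special characters.
SAMPLE_COMMENT = 'Great site! <b>bold</b> & "quotes" #1 (see notes)'

if __name__ == "__main__":
    print(render_feedback_unsafe(SAMPLE_COMMENT))  # markup survives and would render
    print(render_feedback(SAMPLE_COMMENT))         # markup neutralised
    # Standard-library reference encoder: html.escape also encodes the quote
    # characters, which matter once untrusted text lands inside an attribute.
    print(html.escape(SAMPLE_COMMENT))
```

The slide's table covers the HTML body context; the same text inside an attribute value, a script block or a URL needs the encoding appropriate to that context, which is what "specify the output encoding" on the slide amounts to in practice.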
  • 13. Clickjacking is an attack that tricks a web user into clicking a button, a link, a picture, etc. that the web user didn't intend to click, typically by overlaying the web page with an iframe. We've known about clickjacking, also called "UI redress attacks", for years now, as they were originally described in 2008 by Robert Hansen and Jeremiah Grossman. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
    Payload for iframe injection: <iframe src="Target WebSite">
      – Set opacity:0;
      – Use z-index:-1 (an element with a greater stack order is always in front of an element with a lower stack order)
  • 14. Don't allow the website to be loaded in an IFRAME: use the X-Frame-Options header. There are three possible values for X-Frame-Options:
      – 1. DENY: the page cannot be displayed in a frame, regardless of the site attempting to do so.
      – 2. SAMEORIGIN: the page can only be displayed in a frame on the same origin as the page itself.
      – 3. ALLOW-FROM uri: the page can only be displayed in a frame on the specified origin.
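The three X-Frame-Options values from slide 14, worked through as an added Python example (not code from the presentation): one helper builds the header value a server should send, and a second evaluates whether a response carrying a given header would let a page at some other URL frame it, which is the check a clickjacking review runs against each sensitive page. The function names, the page URL and the sample response headers are assumptions constructed for the example.

```python
# Added example, not code from the presentation: building the X-Frame-Options
# header and evaluating whether a response would let another page frame it.
from typing import Dict, Optional
from urllib.parse import urlsplit

VALID_POLICIES = ("DENY", "SAMEORIGIN", "ALLOW-FROM")


def frame_options_header(policy: str, allowed_origin: Optional[str] = None) -> str:
    """Return the X-Frame-Options value for one of the three policies on the slide."""
    policy = policy.upper()
    if policy not in VALID_POLICIES:
        raise ValueError(f"unknown X-Frame-Options policy: {policy}")
    if policy == "ALLOW-FROM":
        if not allowed_origin:
            raise ValueError("ALLOW-FROM needs the origin that may frame the page")
        return f"ALLOW-FROM {allowed_origin}"
    return policy


def origin_of(url: str) -> str:
    """scheme://host[:port], lower-cased: the tuple 'same origin' compares."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def framing_allowed(headers: Dict[str, str], page_url: str, framer_url: str) -> bool:
    """Would a browser honouring X-Frame-Options render page_url in a frame
    hosted at framer_url?  Header names match case-insensitively.  A missing
    or unrecognised header is reported as 'allowed', because that is the
    unprotected state a clickjacking check must flag."""
    value = next((v.strip() for k, v in headers.items()
                  if k.lower() == "x-frame-options"), None)
    if value is None:
        return True
    directive, _, argument = value.partition(" ")
    directive = directive.upper()
    if directive == "DENY":
        return False
    if directive == "SAMEORIGIN":
        return origin_of(page_url) == origin_of(framer_url)
    if directive == "ALLOW-FROM" and argument.strip():
        return origin_of(argument.strip()) == origin_of(framer_url)
    return True


# Constructed sample responses (header dicts only) for a page served at PAGE_URL.
PAGE_URL = "https://app.example/settings"
SAMPLE_RESPONSES = {
    "no header":   {"Content-Type": "text/html"},
    "deny":        {"X-Frame-Options": frame_options_header("deny")},
    "same origin": {"X-Frame-Options": frame_options_header("sameorigin")},
    "allow-from":  {"x-frame-options": frame_options_header("allow-from",
                                                            "https://partner.example")},
}

if __name__ == "__main__":
    framers = ("https://app.example/help", "https://partner.example/embed",
               "https://other.example/")
    for label, headers in SAMPLE_RESPONSES.items():
        for framer in framers:
            verdict = "allowed" if framing_allowed(headers, PAGE_URL, framer) else "blocked"
            print(f"{label:12} framed by {framer:32} -> {verdict}")
```

Two practical caveats when applying the slide's advice: the header must be present on every response that renders a clickable page, not only on the login page, since a single unprotected page is enough for the overlay; and `ALLOW-FROM` was never implemented by all browsers and has since been dropped by the major ones, so a site that needs to permit a specific framing origin today expresses it with the Content-Security-Policy `frame-ancestors` directive instead, keeping `DENY` or `SAMEORIGIN` for older clients.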
  • 15. Thank You 