A presentation delivered at WordCamp Miami 2016 about security best practices in web development by SiteLock Director of Products & Technology Binod Purushothaman and Lead Security Analyst Logan Kipp.
2. BIO
Binod Purushothaman
Director, Product & Technology @SiteLock
§ Heads the product development team.
§ Led several technology startups in the manufacturing and finance sectors in India and the United States.
3. BIO
Logan Kipp
Lead Security Analyst @SiteLock
§ Provides SiteLock's Partners and Support Services Division with information and training on emerging technologies and threats.
§ Has seven years' experience in the website hosting and security technology field, previously working at GoDaddy.
22. XSS
“Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.”
- Wikipedia
23. XSS
SiteLock Research Team picks up possible XSS
vulnerability in plugin during routine SAST scan.
§ File: settings.php
§ Argument: $curr
24. XSS
Found $curr set at lines 195/196, where it is set to Default if $cntr is empty, or to the value of $cntr if not.
Variable $cntr is set at lines 91/92. If $_GET['scounter'] is set, $cntr inherits its value. Could this be a reflective XSS vulnerability?
25. XSS
Let's find out. We simply need to pass a harmless XSS string in the $_GET['scounter'] variable to get a proof of concept, like a document.cookie alert.
Something like:
?page=slider-settings&scounter=<script>alert(document.cookie)</script>
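The data flow described on the XSS slides, shown before and after output escaping. This is an added illustration, not the plugin's settings.php or the presenters' code: the function names, the HTML-body sink and the sample request are assumptions constructed for the example.

```php
<?php
// Constructed illustration of the flow on the slides; not the plugin's settings.php.
// Function names and the HTML-body sink are assumptions.

// $cntr inherits $_GET['scounter'] when set; $curr is "Default" when $cntr is empty.
function resolve_curr(array $get): string
{
    $cntr = $get['scounter'] ?? '';
    if (!is_string($cntr)) {   // scounter[]=x arrives as an array
        $cntr = '';
    }
    return empty($cntr) ? 'Default' : $cntr;
}

// Before: request data is concatenated into the page unescaped.
function render_vulnerable(array $get): string
{
    return '<p>Current slider: ' . resolve_curr($get) . '</p>';
}

// After: escape for the HTML context at the point of output.
// In a WordPress plugin, esc_html() (or esc_attr() inside an attribute) fills this role.
function render_hardened(array $get): string
{
    $curr = htmlspecialchars(resolve_curr($get), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Current slider: ' . $curr . '</p>';
}

// Regression check: does the marker come back as live markup?
function reflects_markup(string $html, string $marker): bool
{
    return strpos($html, $marker) !== false;
}

// Constructed request carrying the harmless proof-of-concept string from the slide.
$get = [
    'page'     => 'slider-settings',
    'scounter' => '<script>alert(document.cookie)</script>',
];

foreach (['render_vulnerable', 'render_hardened'] as $render) {
    $html = $render($get);
    printf("%-18s reflected=%s\n  %s\n", $render,
        reflects_markup($html, $get['scounter']) ? 'yes' : 'no', $html);
}
```

The same reflection check can be kept as a regression test so that a later change to the settings page cannot silently reintroduce unescaped output.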