XSS Shell by Vandan Joshi

Abstract of the paper: Cross-site scripting (XSS) attacks are considered one of the most dangerous attacks. When an application accepts unvalidated user input and sends it back to the browser without validation, it gives attackers an opportunity to execute malicious scripts in victim users' browsers. Using this attack vector, malicious users can hijack user accounts, deface websites, carry out phishing attacks, etc. XSS Shell is a cross-domain tool for carrying out XSS attacks in a more controlled manner. It is used to set up a channel between the attacker and the victim's browser and to control the victim's browser.
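The condition the abstract describes (input sent back to the browser without validation), shown for the deck's two cases, reflected and stored, beside the output-encoded form. This is an added example, not code from the slides; every function name and sample input is constructed for illustration.

```javascript
// Added example (not from the slides). All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected case, vulnerable: the request parameter is echoed as-is into
// both an element body and a quoted attribute.
function renderSearchUnsafe(q) {
  return `<p>Results for ${q}</p><input name="q" value="${q}">`;
}

// Reflected case, hardened: the same template, encoded at the output sink.
function renderSearchSafe(q) {
  const e = escapeHtml(q);
  return `<p>Results for ${e}</p><input name="q" value="${e}">`;
}

// Stored case: comments are kept raw in storage and encoded (or not) when
// rendered for every later visitor.
function renderComments(comments, encode) {
  return comments.map((c) => `<li>${encode ? escapeHtml(c) : c}</li>`).join('');
}

// Constructed sample inputs: one for element context, one for attribute context.
const SAMPLE_ELEMENT = '<script>alert(1)</script>';
const SAMPLE_ATTRIBUTE = '" onfocus="alert(1)';

// Defender-side check: true when input containing HTML metacharacters
// appears verbatim (unencoded) in the rendered page.
function introducesMarkup(html, input) {
  return /[<>"']/.test(input) && html.includes(input);
}
```

The attribute sample shows why encoding only angle brackets is not enough: a quoted attribute is closed by the quote character alone.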

  1. XSSshell
     Vandan Joshi
  2. Introduction
     • Consultant – Information Security, SecurEyes Techno Services Ltd
     • MBA in Networks and IT Infrastructure
     • Learner
  3. AGENDA
     • Introduction
     • XSS Types
     • XSSShell
     • Demo
  4. Cross Site Scripting
     Included in OWASP top 10 – 2010
     Available at owasp.org
  5. • Very easy to exploit
     • Widespread
     • JavaScript Exploit
     • Vulnerable to any platform
     • Target – Users’ web browser
     • Considered as a script injection attack
     • Malicious scripts run onto the other browsers
  6. Cross Site Scripting
     • Introduction
     • Impacts
     • Remediations that don’t work
  7. Cross Site Scripting Demo
     • Reflective XSS
     • Stored XSS
  8. • Demo by Hackersbank vulnerable application
  9. XSS Shell
     • XSS Shell Server
     • The client Side JavaScript
     • XSSShell’s Administrative interface
  10. • XSSShell Demo by BeEF and Hackers Bank Application
