
Blind XSS & Click Jacking

n|u - The Open Security Community
null Mumbai Chapter December 2012 meet

Slide 2. Vinesh Redkar, Security Analyst at NII Consulting.
Research: found stored XSS on PayPal and Rediffmail.
http://securityvin32.blogspot.com
vineshredkar89@gmail.com
Slide 3. Agenda
- Introduction
- What is Cross-Site Scripting
- Types of Cross-Site Scripting
- What is Blind XSS
- Demo of Blind XSS
- Impact of XSS
- Mitigation of XSS
Slide 4. Cross-Site Scripting (XSS) attacks are a type of injection problem in which malicious scripts are injected into otherwise trusted web sites, so that the victim's browser runs them with that site's origin and privileges.

Types of Cross-Site Scripting:
- Reflected XSS (non-persistent): the payload arrives in the request (a URL parameter, a form field) and is echoed straight back in the response; the victim has to be lured into sending that request.
- Stored XSS (persistent): the payload is saved by the application (profile, comment, ticket) and served to every user who later views that data.
- DOM XSS: the server's response is clean; client-side script itself writes attacker-controlled data (location.hash, document.referrer, postMessage data) into the DOM.
Slide 6. [Figure: stored XSS attack flow, drawn over a diagram of the application's layers (communication, business functions, administration, transactions, e-commerce, knowledge management, accounts, finance, custom code). The three steps it annotates:]
1. Attacker sets the trap ("update my profile"): the attacker enters a malicious script into a web page of an application with a stored XSS vulnerability; the application stores the data on the server.
2. A victim views the stored data; the script runs inside the victim's browser with full access to the DOM and to the page's cookies. (Cookies not marked HttpOnly are readable via document.cookie; HttpOnly cookies cannot be read, but they are still attached to every request the script makes, so the session can be used even when it cannot be stolen.)
3. The script silently sends the attacker the victim's session cookie.
Slide 8. An XSS attack's first target is the client:
- the client trusts the server and does not expect an attack
- the browser executes the malicious script
But the second target is the company running the server:
- loss of public image (blame)
- loss of customer trust
- loss of money
Slide 9. Blind XSS
- What is it?
- Using it in penetration tests
- Challenges

Slide 10. Blind XSS is stored XSS whose payload executes somewhere the tester never sees: a back-office page, an admin console, a log viewer, rendered for some other user at some other time. It's not like blind SQLi, where you get immediate feedback. You don't even know whether your payload will execute (or when!). You must think ahead about what you want to accomplish, and you have to be listening: the payload has to call back to a server you control, because that callback is the only evidence of execution you will ever get.
Slide 17.
1. Carefully choose the right payload for the right situation.
2. Get lucky!
3. Patience.

Slide 18. Where stored input gets rendered to someone else:
- log viewers
- exception handlers
- customer service apps (chats, tickets, forums, etc.)
- anything moderated
For the demo we used a feedback page.
Slide 20. A malicious user can use XSS to steal credentials or silently redirect the victim to malicious pages, which can aid further exploitation. A cross-site scripting attack can result in the following:
1. Account hijacking
2. Malicious script execution
3. Information theft
4. Denial of service
5. Browser redirection
6. Manipulation of user settings
Slide 21. Mitigation of XSS
- Input validation: validate against an allowlist of what the field may contain (length, character set, format).
- Output encoding, applied at the point where untrusted data is written into the page, using the encoding for that context. For the HTML body and for attribute values, entity-encode at least:
  < as &lt;
  > as &gt;
  ( as &#40;
  ) as &#41;
  # as &#35;
  & as &#38; (equivalently &amp;)
  and, because attribute values are where most break-outs happen, also " as &quot; and ' as &#x27;, and always quote attribute values. Data placed inside a JavaScript string, a URL or a CSS value needs that context's encoding instead; HTML entities do nothing there.
- Do not use "blacklist" validation: a filter that removes known-bad tokens is bypassed by any variant the list does not contain.
- Specify the output encoding (for example Content-Type: text/html; charset=UTF-8) so the browser cannot be made to interpret the response in a character set that turns harmless bytes into markup.
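The mitigation slide as working code, added here and not part of the talk: the entity table turned into an encoder, the same profile markup rendered vulnerably and safely, a second encoder for the JavaScript-string context the slide's entities do not cover, and the reason the slide says not to blacklist. The function and variable names are this example's own.

```javascript
// Added example for the mitigation slide (not code from the talk): the entity
// table turned into an encoder, a vulnerable and a hardened render of the same
// markup, and why blacklist filtering fails. Node.js, no dependencies.

// Entities for text written into an HTML body or a *quoted* attribute value:
// the slide's characters plus the two quotes (which break out of an
// attribute) and "/" (which closes a tag).
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  '(': '&#40;', ')': '&#41;', '#': '&#35;', '/': '&#x2F;',
};
function encodeForHtml(s) {
  return String(s).replace(/[&<>"'()#\/]/g, ch => HTML_ENTITIES[ch]);
}

// A value placed inside a JavaScript string literal needs \xHH (or \uHHHH)
// for every non-alphanumeric character; HTML entities do nothing there.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, ch => {
    const code = ch.charCodeAt(0);
    return code < 256
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Allowlist validation: accept only what a display name may contain.
function isValidDisplayName(s) {
  return /^[\p{L}\p{N} .'-]{1,40}$/u.test(String(s));
}

// Blacklist "validation" as it is usually written: strip the known-bad token.
function blacklistStrip(s) {
  return String(s).replace(/<script>/gi, '');
}

// Vulnerable: untrusted value concatenated straight into the markup.
function renderProfileVulnerable(name) {
  return '<div class="profile">Hello, ' + name + '!</div>';
}
// Hardened: same markup, value encoded for the HTML body context.
function renderProfileSafe(name) {
  return '<div class="profile">Hello, ' + encodeForHtml(name) + '!</div>';
}
// Hardened, JS context: the value lands inside a string in an inline script.
function renderGreetingScript(name) {
  return "<script>var who='" + encodeForJsString(name) + "';</script>";
}

// Constructed inputs for the demo.
const payload = '<script>alert(document.cookie)</script>';
const nested = '<scr<script>ipt>alert(1)</script>';   // survives one strip pass
console.log(renderProfileVulnerable(payload));
console.log(renderProfileSafe(payload));
console.log(blacklistStrip(nested));                    // the filter reassembles the tag
console.log(renderGreetingScript("';alert(1)//"));
```

The nested input is the whole argument against blacklists in one line: one pass of the filter removes the inner token and leaves a perfectly good script tag behind. Encoding does not have that problem because it transforms every character that could start markup, regardless of what the attacker meant by it.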
Slide 22. Clickjacking
- Clickjacking is an attack that tricks a web user into clicking a button, a link or a picture, etc. that the user didn't intend to click, typically by overlaying the web page with an iframe.
- We've known about clickjacking, also called "UI redress attacks", for years now; it was originally described in 2008 by Robert Hansen and Jeremiah Grossman.
- Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they intended to click on the top-level page. The attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
- Payload for iframe injection: <iframe src="Target WebSite">. Set opacity:0 on the iframe so the target is invisible, and use z-index so that the iframe sits above the decoy (for example z-index:-1 on the decoy element): an element with a greater stack order is always in front of an element with a lower stack order, and the element in front is the one that receives the click.
Slide 25. Mitigation of clickjacking: don't allow the page to be loaded in an iframe, by sending the X-Frame-Options header.
Using X-Frame-Options. There are three possible values:
1. DENY: the page cannot be displayed in a frame, regardless of the site attempting to do so.
2. SAMEORIGIN: the page can only be displayed in a frame on the same origin as the page itself.
3. ALLOW-FROM uri: the page can only be displayed in a frame on the specified origin. Caveat: ALLOW-FROM was never implemented by Chrome or Safari (a browser that does not understand the value ignores the header and allows framing) and has since been removed from Firefox; to allow a specific origin, use the Content-Security-Policy frame-ancestors directive, which takes precedence over X-Frame-Options when both are present.
The header has to be on every response that should not be framed, and it has to be verified on the response the browser actually receives, since a proxy or CDN in front of the application may strip or add it.