What is XSS:-
Wikipedia definition for XSS is “Cross-site scripting (XSS) is a type of computer insecurity vulnerability typically found in Web applications (such as web browsers through breaches of browser security) that enables attackers to inject client-side script into Web pages viewed by other users.
A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007.Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.”
Simply 'XSS' also known as 'CSS' (Cross Site Scripting, Easily confused with 'Cascading Style Sheets') is a very common vulnerability found in Web Applications, 'XSS' allows the attacker to inject malicious code , the reason of that is the developer trusts user inputs, or mis filtering issues ,then send back user input data to the client browser so the malicious code will execute.
XSS is Dangerous :
XSS is really dangerous, it's severity is High, because it could change the website DOM and could lead to stealing credentials of the administrator , in these cases the attacker can control and compromise the whole application.
What does the attacker want to achieve? XSS Type :
There are Three Types of XSS, we will discuss each kind of these in details , as you will see.
Persistent (Stored) XSS :
Wikipedia definition :The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.
Simply Persistent XSS is occurs when the developer stores the user input data into database server or simply writing it in a file without a proper filtration , then sending them again to the client browser.
Persistent (Stored) XSS Demo :
Here is a PHP code that suffers form Persistent XSS:
<?php
if(isset($_POST['btnSign']))
{
$message=trim($_POST['mtxMessage']);
$name=trim($_POST['txtName']);
// Sanitize message input
$message = stripslashes($message);
$message = mysql_real_escape_string($message);
// Sanitize name input
$name = mysql_real_escape_string($name);
$query = "INSERT INTO guestbook (comment,name) VALUES ( '$message','$name');";
$result=mysql_query($query) or die('<pre>'.mysql_error().'</pre>');
}
?>
The two parameters in that code “message” and “name” are not sanitized properly ,the ,we store these parameters into the guestbook table, So when we displaying these parameters back the client browser, it will execute the malicious JavaScript code.
For Demonstrating this we will exploit DVWA application. After Submitting this form , Our JS code has been executed
Wikipedia definition for XSS is “Cross-site scripting (XSS) is a type of computer insecurity vulnerability typically found in Web applications (such as web browsers through breaches of browser security) that enables attackers to inject client-side script into Web pages viewed by other users.
A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007.Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.”
Simply 'XSS' also known as 'CSS' (Cross Site Scripting, Easily confused with 'Cascading Style Sheets') is a very common vulnerability found in Web Applications, 'XSS' allows the attacker to inject malicious code , the reason of that is the developer trusts user inputs, or mis filtering issues ,then send back user input data to the client browser so the malicious code will execute.
XSS is Dangerous :
XSS is really dangerous, it's severity is High, because it could change the website DOM and could lead to stealing credentials of the administrator , in these cases the attacker can control and compromise the whole application.
What does the attacker want to achieve? XSS Type :
There are Three Types of XSS, we will discuss each kind of these in details , as you will see.
Persistent (Stored) XSS :
Wikipedia definition :The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.
Simply Persistent XSS is occurs when the developer stores the user input data into database server or simply writing it in a file without a proper filtration , then sending them again to the client browser.
Persistent (Stored) XSS Demo :
Here is a PHP code that suffers form Persistent XSS:
<?php
if(isset($_POST['btnSign']))
{
$message=trim($_POST['mtxMessage']);
$name=trim($_POST['txtName']);
// Sanitize message input
$message = stripslashes($message);
$message = mysql_real_escape_string($message);
// Sanitize name input
$name = mysql_real_escape_string($name);
$query = "INSERT INTO guestbook (comment,name) VALUES ( '$message','$name');";
$result=mysql_query($query) or die('<pre>'.mysql_error().'</pre>');
}
?>
The two parameters in that code “message” and “name” are not sanitized properly ,the ,we store these parameters into the guestbook table, So when we displaying these parameters back the client browser, it will execute the malicious JavaScript code.
For Demonstrating this we will exploit DVWA application. After Submitting this form , Our JS code has been executed
Non Persistent (Reflected) XSS :
Wikipedia definition The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. These holes show up when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to generate a page of results for that user, without properly sanitizing the request.
Non Persistent (Reflected) XSS Demo :
Here is a php code that suffers form Reflected XSS
<?php
if(!array_key_exists("name",$_GET) | |$_GET['name'] == NULL || $_GET['name']==''){
$isempty=true;
}
else{
echo '<pre>';
echo 'Hello' . $_GET['name'];
echo '</pre>';
}
?>
AS you can see that the “name” parameter doesn't sanitized and echo back to the user , so when the
user inject a malicious JS code , It will execute.
Now we will inject our malicious js Code , For demonstrating we will inject
<script>alert(/xss/)</script> For Demonstrating this we will exploit DVWA application
Wikipedia definition The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. These holes show up when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to generate a page of results for that user, without properly sanitizing the request.
Non Persistent (Reflected) XSS Demo :
Here is a php code that suffers form Reflected XSS
<?php
if(!array_key_exists("name",$_GET) | |$_GET['name'] == NULL || $_GET['name']==''){
$isempty=true;
}
else{
echo '<pre>';
echo 'Hello' . $_GET['name'];
echo '</pre>';
}
?>
AS you can see that the “name” parameter doesn't sanitized and echo back to the user , so when the
user inject a malicious JS code , It will execute.
Now we will inject our malicious js Code , For demonstrating we will inject
<script>alert(/xss/)</script> For Demonstrating this we will exploit DVWA application
will inject an alert box Code “<script>alert("xss")</script>”
Conclusion :
as we can see our JS code has been executed, so we can execute any malicious JS shellcodes that are out there on the INTERNET.
That's enough for this article , and I wish to be useful for you guys , and there are a lot of Great and exciting stuff will be post later in this tutorials
as we can see our JS code has been executed, so we can execute any malicious JS shellcodes that are out there on the INTERNET.
That's enough for this article , and I wish to be useful for you guys , and there are a lot of Great and exciting stuff will be post later in this tutorials
0 comments:
Post a Comment