CROSS SITE SCRIPTING
(XSS)
Presented by: Nabin Dutta
3rd Year, IT
Class Roll: 44
Mentor: Mrs. Suparna Seal
Sl. No Topic
1 What is XSS?
2 Diagram of Typical XSS attack
3 XSS attack used for:
4 Types of XSS
5 Reflected XSS
6 Attack Scenario of Reflected XSS
7 Stored XSS
8 Attack Scenario of Stored XSS
9 DOM-Based XSS
10 Attack Scenario of DOM Based XSS
11 Steps to an XSS attack
12 Protection
13 Conclusion
What Is XSS?
• Cross-site scripting, or XSS, is a computer security vulnerability (weakness) found in web applications.
• It allows a variety of code to be injected by a malicious user into a web page.
• The code is written in JavaScript, VBScript, ActiveX, HTML, or Flash.
• It can cause installation of Trojan horse programs.
• The XSS attack involves three parties: the attacker, a client and the web site.
• During an attack "everything looks fine" to the end user, but in actuality they are subject to an endless amount of threats.
XSS attacks used for:
• Hijacking accounts (stealing their private information)
• False advertising & inserting hostile content
• Cookie theft (stealing other users' cookies) / poisoning & defacing websites
• Changing of users' settings
• Conducting phishing attacks
• Performing actions on behalf of other users
• Spying on users' web browsing habits
Reflected XSS
• Most common type
• An attacker convinces a user to follow a malicious URL which injects code into the resulting page
• Now the attacker has full access to that page's content
Attack Scenario of Reflected XSS
• The user comes in contact with a malicious link, form, or a malicious redirection.
• The bank's web application is called with the prepared request.
• The XSS code is inserted into the page through an XSS vulnerability in the banking application.
• The infected page with the XSS code is sent to the user.
• The XSS code runs in the context of the page that arrived at the user, thus bypassing the "Same Origin" security setting of the web browser.
• The XSS code sends stolen data to the server of the attacker.
Stored XSS
• JavaScript supplied by the attacker is stored by the website (e.g. in a database)
• Doesn't require the victim to supply the JavaScript somehow, just visit the exploited web page
• More dangerous than Reflected XSS
Attack Scenario of Stored (Persistent) XSS
• The web application of the bank is called with the XSS code.
• The malicious code enters through an XSS vulnerability in the application and is stored there.
• A user calls the web application of the bank.
• The stored malicious code is inserted into the web page.
• The infected web page is sent to the user.
• The XSS code runs in the context of the page that arrived at the user, thus bypassing the "Same Origin" security setting of the web browser.
• The XSS code sends stolen data to the server of the attacker.
DOM-Based XSS
• Occurs in the content processing stages performed by the client
• DOM-Based (Local)
• Document Object Model: standard object model for representing HTML or XHTML
• The problem exists within the page's client-side script
• If an attacker hosts a malicious site, which contains a vulnerable website on a client's local system, a script can be injected
• Now the attacker can run with the privileges of that user's browser on their system
Attack Scenario of DOM-Based XSS
• The bank's web application is called with the prepared request.
• The XSS code is inserted in the cookie.
• The cookie with the malicious code is sent to the user and stored with him.
• The user calls the web application of the bank.
• The malicious code is inserted from the cookie into the web page.
• The infected web page is sent to the user.
• The XSS code sends stolen data to the server of the attacker.
Steps to an XSS attack
• Select a target
  - Find an XSS hole, and look if it has any cookies
  - If it has a cookie, then you have found a target
• Testing
  - Insert code or script pointing to the vulnerability
  - Make sure the page does not appear broken
• XSS Execution
  - Send your crafted URL to launch it
  - More experienced attackers would do a few redirects to steal cookies, return to site, then attack them harder
• Decide what to do with the data
  - After collecting data, it is possible to perform an attack
Protection
• The simplest form of XSS protection is to pass all external data through a filter (in server-side).
• It is recommended to use libraries that have been tried and tested by the community.
• XSS techniques keep changing (your filters will need to be updated periodically).
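The server-side filtering described under Protection, shown as an added example (not part of the original presentation): a reflected search page rendered once with raw input and once with Python's standard-library html.escape and urllib.parse.quote applied per output context. The function names, the q parameter and the sample query are assumptions constructed for illustration.

```python
import html
from urllib.parse import quote

# Constructed sample input: what a "q" parameter might carry in a reflected
# XSS attempt. The benign alert() stands in for attacker-supplied script.
SAMPLE_QUERY = '"><script>alert(1)</script>'


def render_search_vulnerable(query: str) -> str:
    """Reflects external data into HTML unchanged (the vulnerable pattern)."""
    return (
        '<form><input name="q" value="' + query + '"></form>\n'
        "<p>Results for: " + query + "</p>"
    )


def render_search_filtered(query: str) -> str:
    """Passes external data through a context-appropriate encoder first."""
    # html.escape encodes & < > and, with quote=True, " and ' as well, so the
    # value is safe both as element text and inside a quoted attribute.
    as_html = html.escape(query, quote=True)
    # Data placed in a URL is percent-encoded first, then HTML-escaped
    # because the URL itself sits inside an attribute.
    as_url = html.escape("/search?q=" + quote(query, safe=""), quote=True)
    return (
        '<form><input name="q" value="' + as_html + '"></form>\n'
        "<p>Results for: " + as_html + "</p>\n"
        '<a href="' + as_url + '">Permalink</a>'
    )


def contains_live_markup(page: str) -> bool:
    """Crude check for this demo only: did a script tag survive rendering?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    for render in (render_search_vulnerable, render_search_filtered):
        page = render(SAMPLE_QUERY)
        print(render.__name__, "-> script tag reflected:", contains_live_markup(page))
        print(page, end="\n\n")
```

The encoder is chosen by where the data lands (element text, quoted attribute, URL), which is why a single generic filter is not enough on its own.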
Conclusion
• XSS is described as the number one and most prevalent website vulnerability on the internet
• No one is ever completely safe from XSS
• No one can be expected to write flawless code or have round-the-clock personnel to answer all possible vulnerability issues
• As XSS vulnerabilities continue to grow, the best way to protect yourself from it is to be careful and be aware of its existence