This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prevalent & Pernicious: XSS

RSAAdmin
Beginner
Beginner
‎2012-09-21 01:48 AM

Of all the vulnerability, the most widespread and harmful Web application security vulnerability is Cross Site Scripting attacks (XSS).

 

Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank’s Web site.

 

Example of malicious code

  1. Modification of the Document Object Model - DOM (change some links, add some buttons)
  2. Send personal information to thirds (JavaScript can send cookies to other sites)

xssattack.png
Three types of Cross Site Scripting

  1. Reflected
  2. Stored
  3. DOM injection

 

Reflected XSS

  1. The easiest exploit.
  2. A page will reflect user supplied data directly back to the user

So when the user types:

<script type="text/javascript">

alert("Hello World");

</script>

         He receives an alert in his browserDanger

  1. If the URL (containing GET parameters) is delivered by a third to the victim
  2. The Victim will access a modified page
  3. SSL certificate and security warning are OK!

 

Stored XSS

Hostile Data is taken and stored

  1. In a file
  2. In a Database
  3. In any other backend system

Then Data is sent back to any visitor of the web site Risk when large number of users can see unfiltered content

  1. Very dangerous for Content Management Systems (CMS)
  2. Blogs
  3. Forums

 

DOM Based XSS

  1. Document Object Model
  2. The document is represented using a tree
  3. The tree is rooted with the document node
  4. Each tag and text is part of the tree
  5. XSS Modifies the Document Object Model (DOM)
  6. JavaScript can manipulate all the document
  7. It can create new nodes,
  8. Remove existing nodes
  9. Change the content of some nodes

  js.png

 

Reducing the threat

  1. Encoding/escaping of string input
  2. Safely validating untrusted HTML inputs.
  3. Cookie Security.
  4. Disabling Scripts
  5. Defensive Technologies. (Mozilla Content Security Technologies, JS Sandbox tools, Auto Escaping tools etc)

 

 

Recent XSS Attacks:

GoDaddy recently went down with DOS attack by Anonymous Hacker. After GoDaddy CEO declined any such hacks by anonymous, they again penetrated with XSS hacks.

 

anony.png

0 Likes
1 Comment
© 2022 RSA Security LLC or its affiliates. All rights reserved.