Exploring DOM-Based Cross Site Attacks


Exploring DOM-Based Cross Site Attacks Dr. Ammar Aldallal Computer Engineering Department

Outline
- Introduction
- Web users threats
- Types of cross site scripting
- What is DOM
- Cross Site Example
- Defending against DOM Cross Site
- Conclusion
7/28/2019 Dr Ammar Aldallal

Introduction
Dynamic web applications are quite complex in nature. Web applications become more popular every day, and this motivates hackers to commit cyber-crimes such as cross-site scripting. This connectivity has raised a major security threat, since an attacker will be able to access personal and sensitive information.

Web Users Threats
The Open Web Application Security Project (OWASP) has listed the top 10 threats to web applications, among them:
- Injection
- Broken Authentication and Session Management
- Cross-site scripting (XSS)
- Insecure Direct Object References
- Unvalidated Redirects and Forwards
- Sensitive Data Exposure

Definition of Cross-Site Scripting (XSS)
In XSS, a hacker attacks an authentic web page with malicious code, so that when a user visits the web page the script is downloaded.
From: The Five Most Prevalent Web Threats Today And What You Can Do About Them, © Imperva, Inc. 2017

Types of Cross-site scripting (XSS)
There are three types of cross-site scripting (XSS):
- Non-persistent (reflected) cross-site scripting
- Persistent cross-site scripting
- DOM-based cross-site scripting

Types of Cross-site scripting (XSS)
- Non-persistent (reflected) cross-site scripting means that malicious code is not persistently stored in a vulnerable server, but is immediately echoed by the vulnerable server back to a victim.
- Persistent cross-site scripting means that the malicious code is persistently stored in a server’s storage, and may later be embedded in an HTML page sent to the victim.

What is DOM
The Document Object Model is a convention for representing and working with objects in an HTML or XML document.

What is DOM (Cont.)
Basically, all HTML documents have an associated Document Object Model, consisting of objects representing the document properties from the point of view of the browser. Whenever a script is executed on the client side, the browser provides the code with the DOM of the HTML page where the script runs, thus offering access to various properties of the page and their values, populated by the browser from its perspective.

DOM based XSS
A DOM cross-site scripting attack relies on inappropriate handling, in the HTML page, of the data from its associated DOM. It can result in:
- stealing the cookies of the user, or
- changing the page's behavior as the attacker likes.
DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response, that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.

DOM based XSS
Among the objects in the DOM, there are several which the attacker can manipulate in order to generate the XSS condition. The most popular, from this perspective, are:
- document.URL
- document.location
- document.referrer

Example of a DOM-Based XSS Attack
Consider the URL: http://www.example.com/userdashboard.html
The HTML source of the URL would look like this:

    <html>
    <head>
    <title>Custom Dashboard </title>
    ...
    </head>
    Main Dashboard for
    <script>
      var pos=document.URL.indexOf("context=")+8;
      document.write(document.URL.substring(pos,document.URL.length));
    </script>
    </html>

Example (Cont.)
The result of http://www.example.com/userdashboard.html?context=Bader would be a customized dashboard for Bader, containing at the top the string: “Main Dashboard for Bader”.
The malicious script can be embedded in the URL as follows:

    http://www.example.com/userdashboard.html?context=<script>SomeFunction(somevariable)
    http://www.example.com/userdashboard.html#context=<script>SomeFunction(somevariable)

When the browser arrives at the script which gets the user name from the URL, referencing the document.URL property, it runs it and consequently updates the raw HTML body of the page, resulting in:

    ... Main Dashboard for <script>SomeFunction(somevariable)</script> ...

Next, the browser finds the malicious code in the HTML body and executes it, thus finalizing the DOM XSS attack.
In reality, the attacker would hide the contents of the payload in the URL using encoding so that it is not obvious that the URL contains a script. Note, however, that some browsers may encode the < and > characters in the URL, causing the attack to fail. However, there are other scenarios which do not require the use of these characters, nor embedding the code into the URL directly, so these browsers are not entirely immune to this type of attack either.

Encoding the attack
In reality, the attacker would hide the contents of the payload in the URL using encoding so that it is not obvious that the URL contains a script.
https://www.example.com/userdashboard.html?S=9D4405D724CF323366E301EE382E30D758E92016D05221520B4A03F5394315BCABECDDCB3F8658ACA81432EF438CB855267978CD413EB7D7BCD3B6191ED884F15116745843535824

Defending against DOM-based XSS attacks
Because some browsers may encode the “<” and “>” characters in the URL, the attack will fail in those browsers. However, there are other scenarios which do not require the use of these characters, so these browsers are not entirely immune to this type of attack.

Defending against DOM-based XSS attacks
Effective conceptual defense methods against DOM XSS include:
- Avoiding client-side sensitive actions, such as rewriting or redirection, that use client-side data.
- Inspecting and securely handling references to DOM objects, such as URL, location and referrer.
- Using intrusion prevention systems which are able to inspect inbound URL parameters and prevent inappropriate pages from being served.
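
As an added example (not part of the original slides), the dashboard script from the example is modeled below as pure functions so it runs under Node.js, beside a hardened version and a view of what a server-side filter can actually inspect. The function names and the "guest" fallback are assumptions made for illustration.

```javascript
// Added example: function names and the "guest" fallback are hypothetical.

// Same logic as the slide's script: everything after "context=" is
// written into the page as markup, wherever it appears in the URL.
function renderVulnerable(url) {
  const pos = url.indexOf("context=") + 8;
  return "Main Dashboard for " + url.substring(pos, url.length);
}

// HTML-encode the characters that can change the parsing context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: parse the URL, read only the query parameter (never the
// fragment), and encode on output. In a browser, assigning the value
// with textContent instead of document.write gives the same guarantee.
function renderHardened(url) {
  const raw = new URL(url).searchParams.get("context");
  return "Main Dashboard for " + escapeHtml(raw || "guest");
}

// What a server-side filter or IPS sees: the fragment is never sent.
function serverVisible(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// Constructed sample inputs, based on the URLs shown on the slides.
const base = "http://www.example.com/userdashboard.html";
const samples = [
  base + "?context=Bader",
  base + "?context=<script>SomeFunction(somevariable)</script>",
  base + "#context=<script>SomeFunction(somevariable)</script>",
];
for (const s of samples) {
  console.log("vulnerable:", renderVulnerable(s));
  console.log("hardened:  ", renderHardened(s));
  console.log("server saw:", serverVisible(s));
}
```

The third sample shows why inspecting inbound URL parameters is not sufficient on its own: the request reaching the server carries no trace of the fragment.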

Defending against DOM-based XSS attacks
DOM-based XSS is difficult to detect with server-side attack detection and prevention tools.
Testing the effectiveness of the sanitization methods in place, or discovering DOM XSS vulnerabilities, can be performed by:
- Manually attempting to exploit them,
- Using automated tools that perform automatic penetration testing against this type of vulnerability,
- Using various payloads and mounting points.
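
As an added example (not from the original slides), the following is a small line-based scanner of the kind an automated review step could run over client-side script: it flags lines where one of the DOM objects named earlier (URL, location, referrer), or a variable assigned from one, reaches an HTML-writing sink. The source and sink lists and the function name scan are assumptions, and the heuristic is deliberately simple.

```javascript
// Added example: SOURCES, SINKS and scan() are hypothetical names.
// Attacker-influenced DOM properties (the ones the slides name).
const SOURCES =
  /\bdocument\.(?:URL|documentURI|referrer)\b|\b(?:window\.|document\.)?location\b/;
// Calls and assignments that turn a string into markup or code.
const SINKS =
  /\bdocument\.write(?:ln)?\s*\(|\.(?:innerHTML|outerHTML)\s*=(?!=)|\.insertAdjacentHTML\s*\(|\beval\s*\(/;

// One pass, top to bottom: remember variables assigned from a source
// (or from another tainted variable) and report sinks that use them.
function scan(code) {
  const tainted = new Set();
  const findings = [];
  code.split("\n").forEach((line, i) => {
    const usesTaint =
      SOURCES.test(line) ||
      [...tainted].some((v) => new RegExp("\\b" + v + "\\b").test(line));
    const assign = line.match(/(?:var|let|const)\s+([A-Za-z_]\w*)\s*=/);
    if (assign && usesTaint) tainted.add(assign[1]);
    if (usesTaint && SINKS.test(line)) {
      findings.push({ line: i + 1, text: line.trim() });
    }
  });
  return findings;
}

// Constructed sample: the first two lines are the slide's dashboard
// script, the rest are made-up lines for contrast.
const sample = [
  'var pos=document.URL.indexOf("context=")+8;',
  'document.write(document.URL.substring(pos,document.URL.length));',
  'var ref = document.referrer;',
  'banner.innerHTML = "Came from " + ref;',
  'title.textContent = ref;',
  'document.write("static text");',
].join("\n");

for (const f of scan(sample)) {
  console.log("line " + f.line + ": " + f.text);
}
```

Only lines 2 and 4 of the sample are reported; the textContent assignment and the static document.write are not, because no URL-derived data reaches an HTML sink there.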

Conclusion
DOM-based cross-site scripting works by operating on and retrieving objects in the HTML document. Different methods are used in DOM-based cross-site scripting, in which the client supplies unreliable data that the page's JavaScript then interprets. Finally, the objective of this presentation is to make the user familiar with this type of cross-site scripting attack; hence, browse cautiously and safely to prevent DOM-based XSS attacks. Use an up-to-date web browser.
