March Intensive: XSS Exploits

Presentation transcript:

March Intensive: XSS Exploits
Patrick Dyroff

Sudikoff

This past week, I worked at the Sudikoff building at Dartmouth, which is the computer science department. More specifically, I worked in the computer science lab every day and spent my time researching and learning about a very popular technique of web hacking called XSS.

http://www.ists.dartmouth.edu/images/Sudikoff_Lab.JPG

Sergey Bratus

- ISTS' Chief Security Advisor and a Postdoctoral Research Assistant Professor in the Computer Science Department at Dartmouth College
- Taught the “Computer Security and Privacy” course
- Undergraduate education at the Moscow Institute of Physics and Technology (AKA, Moscow Phystech), and his Ph.D. at Northeastern University (1999).

I have been learning from a man named Sergey for the past couple months and thought I would take this opportunity to work full time on a project with him. We have been working completely on computer security, whether it was network or hardware. I asked him what I could spend a week working on and he offered this topic and I found it very interesting. So I worked on researching and coding my own examples of cross site scripting on a website that I hosted locally on my computer.

http://www.ists.dartmouth.edu/people/fellows/bratus.html

What is XSS?

- Cross-Site Scripting
- Webpage vulnerability
- Simple, used often
- Code injection
- Three types: Type 1, 2 … 0?

Cross-site scripting is a type of computer security vulnerability typically found in web applications. These vulnerabilities allow malicious web users to inject code into the web pages viewed by other users. Examples of such code include HTML, JavaScript and other client-side scripts. An exploited cross-site scripting vulnerability can be used by malicious users to bypass access controls. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. There are three types: type 1, type 2, and type 0. These names come from http://www.xssed.com/xssinfo and are a great way to think about each type, but they are not the universal name for each.

http://cdn.memegenerator.net/instances/400x/15481816.jpg

Type 1

- Known as non-persistent or reflected.
- The most common type.
- Arises when server-side scripts generate a page of results using the data from the web client for the user.
- An attacker could embed a crafted URL in an email, posing a situation and enticing the victim to click on it.

This type of vulnerability is known as non-persistent or reflected. This is the most common type. This vulnerability arises when server-side scripts generate a page of results using the data from the web client for the user. In layman's terms, it's when the website uses the victim's information, in many cases the URL, to generate a page for them. If unvalidated user-supplied data is included in the resulting page without HTML encoding, client-side code can be injected into the dynamic page. Using this technique and a little social engineering, an attacker could embed such a URL in an email, posing a situation that entices the victim to click on it, so that the victim's browser receives all the commands that the attacker wants.

Type 2

- Known as stored, persistent, or second order
- Most powerful type of XSS attack
- Can be made when data provided to a web app by a user is stored in a database or file system and can be accessed later by different users
- Forums are an example of a Type 2 target

This type of vulnerability is also known as stored, persistent, or second order. This is the most powerful type of XSS attack. This exploit can be made when data provided to a web application by a user is stored in a database or file system and can be accessed later by different users. An example of this: a malicious user logs onto a blogging site that has a forum viewed by many others. The user writes a response on the forum that looks very normal, with text similar to other responses, but includes code that will be executed when someone views her post. This can be used to affect a large number of people with a single injection.

Type 0

- Known as DOM-based or Local XSS
- Very similar to the type 1 vulnerability
- The problem is also within a page's client-side script
- There is one key difference between the two
- This attack gets around the client-side sandbox, not only the cross-domain restriction, as other XSS attacks do

This type of attack is known as DOM-based or Local XSS. It is very similar to the type 1 vulnerability. The problem is within a page's client-side script. If a piece of JavaScript reads a URL request parameter and uses it in the HTML it generates, XSS exploitation is possible. In other words, it is almost completely the same as type 1. There is one key difference between the two. The browser, such as Internet Explorer, treats client-side script in an object as local, as if it were on the hard drive of the client. This can result in remote execution vulnerabilities. An attacker could inject a script that runs with the privileges of the user's browser on the user's own system. This attack gets around the client-side sandbox, not only the cross-domain restriction, as other XSS attacks do.

How can it be used?

- Cookies!!
- Allows access to previous sessions
- Certain logon information
- Worms, Phishing, Spamming, Oh My!

It is used frequently to steal a victim's cookies. Cookies are small pieces of data sent from a website and stored in a user's browser while the user is browsing that website. When the user browses the same website in the future, the data can be retrieved by the website. Cookies are designed to remember the state or activities that the user had before leaving. This can include clicking buttons, logging in, or a record of what pages you visited in the past. If an attacker got this, he could impersonate his victim and use it to log into the victim's previous session. The main reason to use XSS is to obtain data from the victim to use at the attacker's leisure.

http://meowcheese.com/files/lolpics/2010/06/ok-ok-i-stole-a-cookie.jpg

Patches

- All these examples can be patched relatively easily
- Many possibilities that keep being found
- HTML or JavaScript escape function

All these examples can be patched relatively easily, but there are many possibilities that keep being found, so it's a constant battle. Usually, the owner can add an HTML or JavaScript escape function that escapes the script indicators such as <> or "". Even then, some hackers have gotten around the HTML and JavaScript escape.
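Added example (not part of the original slides): the output-escaping fix described under Patches, applied to the reflected (Type 1) and stored (Type 2) cases, with the unescaped version beside it. It goes one step beyond the slides by showing a context where escaping <> and quotes is not enough, a user-supplied link target, and the scheme allow-list that covers it. All function names and sample inputs are constructed for illustration.

```javascript
// Constructed rendering helpers for illustration; not code from the slides.

// Replace the characters HTML treats as markup or attribute delimiters.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Type 1 (reflected): the "q" URL parameter is copied into the page as-is.
function renderResultsVulnerable(q) {
  return `<p>Results for ${q}</p>`;
}

// Same page with the parameter HTML-encoded on output.
function renderResultsEscaped(q) {
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

// Type 2 (stored): posts saved earlier are encoded every time they are rendered.
function renderForum(posts) {
  return posts.map((p) => `<li>${escapeHtml(p)}</li>`).join('');
}

// Escaping alone does not cover every output context: a link target can carry
// a script scheme without any < > or quote characters, so allow-list the scheme.
function safeHref(raw) {
  try {
    const u = new URL(raw);
    return ['http:', 'https:'].includes(u.protocol) ? escapeHtml(u.href) : '#';
  } catch {
    return '#'; // relative or malformed input is rejected in this sketch
  }
}

// Constructed sample input: a harmless marker a tester would use.
const probe = '<script>alert(1)</script>';
console.log(renderResultsVulnerable(probe)); // markup reaches the page intact
console.log(renderResultsEscaped(probe));    // rendered as inert text
console.log(renderForum(['nice post', probe]));
console.log(safeHref('javascript:alert(1)'), safeHref('https://example.com/a?b=1&c=2'));
```

Encoding is applied at output time, so data already stored unescaped is still rendered safely.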

Thanks for listening!

http://mimmoo.wordpress.com/2011/06/19/xss-persistent-and-xss-non-persistent/
http://www.xssed.com/xssinfo
http://www.webappsec.org/projects/articles/071105.shtml
http://4.bp.blogspot.com/__5OawHFd3c4/TTGDPgLjRMI/AAAAAAAAAB4/mcHw3--TsVo/s1600/teaser_xss.png
http://images.sodahead.com/profiles/0/0/2/8/9/6/8/4/1/Jazz_Hands_Cat-79814272162.jpeg