Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross-Site Scripting (XSS) Attack Lab

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Cross-Site Scripting (XSS) Attack Lab"— Presentation transcript:

1 Cross-Site Scripting (XSS) Attack Lab
Zutao Zhu 11/10/2009

2 Outline Basic idea

3 Basic Idea

4 Task 1 Run the code

5 Task 2 Run the code

6 Task 3 Run the code Pay attention to the empty space in the cookie
You can use escape() to delete the space in cookie

7 Task 4 Change the sample code to include cookie into the post data
Use urlConn.addRequestProperty() Refer to to learn how to install JDK

8 Task 5 Goal: When the victim clicks this post, it will automatically create a post for this victim. Steps: Retrieve the session ID of the user using JavaScript. Forge a HTTP post request to post a message using the session ID.

9 Task 5 Write an XSS worm construct the Http request
find the sid in cookie construct the content to send, the format of the content can be get from LiveHttpHeader Send Try to minimize the size of the script

10 Task 6 To be able to propagate itself, the forged message should also include a worm, so whenever somebody clicks on the forged message, a new forged message that carry the same worm will be created. This way, the worm can be propagated.

11 Task 6 Self-Propagating XSS Worm
making a copy of itself when posting the message ensuring the message posted is encoded using URL encoding

12 Strategy Uses DOM API for making a copy of itself
Uses the JavaScript function encode() for the purpose of URL encoding Avoids using the ‘+’ symbol for string concatenation and addition, because URL encoding use ‘+’ to denote a space Uses absolute values, avoids number manipulation, and the concat() function for string concatenation

13 Note concat() - Combines the text of two or more strings and returns a new string.

Download ppt "Cross-Site Scripting (XSS) Attack Lab"

Similar presentations

PHP Form and File Handling

PHP Form and File Handling
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
Protecting Browsers from Cross-Origin CSS Attacks Lin-Shung Huang, Zack Weinberg Carnegie Mellon University Chris Evans Google Collin Jackson Carnegie.

Protecting Browsers from Cross-Origin CSS Attacks Lin-Shung Huang, Zack Weinberg Carnegie Mellon University Chris Evans Google Collin Jackson Carnegie.
17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.

17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
Languages for Dynamic Web Documents

Languages for Dynamic Web Documents
Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.

Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
Web Same-Origin-Policy Lab Zutao Zhu 11/06/2009. Outline Background Setting SOP.

Web Same-Origin-Policy Lab Zutao Zhu 11/06/2009. Outline Background Setting SOP.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.
March Intensive: XSS Exploits

March Intensive: XSS Exploits
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Workshop 3 Web Application Security Li Weichao March 14 2014.

Workshop 3 Web Application Security Li Weichao March
Cookies Cross site scripting

Cookies Cross site scripting

Similar presentations

Ads by Google