The Cross-Site Scripting Attack

Outline: Reflected XSS; Persistent XSS; Damage done by XSS attacks; XSS attacks to befriend with others; XSS attacks to change other people's profiles; Self-propagation; Countermeasures.

The Cross-Site Scripting Attack
In XSS, an attacker injects malicious code into the victim's browser via the target website. Because the code comes from the website, the browser treats it as trusted with respect to that website: it can access and change the content of the pages, read cookies belonging to the website, and send out requests on behalf of the user. Basically, the code can do whatever the user can do inside the session.

Types of XSS Attacks
Non-persistent (Reflected) XSS Attack
Persistent (Stored) XSS Attack
Non-persistent (Reflected) XSS Attack
Assume a vulnerable service on a website: http://www.example.com/search?input=word, where word is provided by the user. Now the attacker sends the following URL to the victim and tricks him into clicking the link: http://www.example.com/search?input= Once the victim clicks on this link, an HTTP GET request is sent to the www.example.com web server, which returns a page containing the search

Persistent (Stored) XSS Attack
stored data to other users, it creates a channel between the users and the attackers. Example: a user profile in a social network is a channel, as it is set by one user and viewed by another. These channels are supposed to be data channels.
XSS Attacks to Befriend with Others
Samy clicks the add-friend button from Charlie's account (discussed in CSRF) to add himself to Charlie's friend list. Using Firefox's LiveHTTPHeader extension, he captures the add-friend request.
Line : URL of Elgg's add-friend request. UserID of the user to
Line : Elgg's countermeasure against CSRF attacks (this is now enabled).

XSS Attacks to Befriend with Others
The main challenge is to find the values of the CSRF countermeasure parameters: _elgg_ts and _elgg_token.
variables. Line and : Construct the URL with the data attached. The rest of the code creates a GET request using Ajax.

Inject the Code Into a Profile
If we check Alice's friends list, Samy is added.

XSS Attacks to Change Other People's Profiles
Goal: put the statement "SAMY is MY HERO" in other people's profiles without their consent.
Investigation taken by the attacker Samy: Samy captured an edit-profile request using LiveHTTPHeader.

Captured HTTP Request
Line : URL of the edit-profile service.
Line : Session cookie (unique for each user). It is automatically set by browsers.
Line : CSRF countermeasures, which are now enabled.

Captured HTTP Request (continued)
Line : Description field with our text "Samy is my hero".
Line : Access level of each field: 2 means the field is viewable to everyone.
Line : User ID (GUID) of the victim. This can be obtained by visiting the victim's
content in Samy's profile.

Inject the Code into the Attacker's Profile
Samy can place the malicious code into his profile and then wait for others to visit his profile page. Log in to Alice's account and view Samy's profile. As soon as Samy's profile is loaded, the malicious code will get executed. On checking Alice's profile, we can see that "SAMY IS MY HERO" has been added to the "About me" field of her profile.
Self-Propagation XSS Worm
Use document.getElementById("worm") to get a reference to the node. innerHTML gives the inside part of the node, not including the script tag. So, in our attack code, we can put the message in the description field along with a copy of the entire code.

Self-Propagation XSS Worm
Line and : Construct a copy of the worm code, including the script tags.
Line : We split the string into two parts and use + to concatenate them together. If we directly put the entire string, Firefox's HTML parser will consider the string a closing tag of the script block, and the rest of the code will be ignored.

Self-Propagation XSS Worm
Line : In HTTP POST requests, data is sent with Content-Type application/x-www-form-urlencoded. We use the encodeURIComponent() function to encode
xssworm.js will be fetched from the URL. Hence, we do not need to include all the worm code in the profile. Inside the code, we need to achieve damage and self-propagation.
Countermeasures: the Filter Approach
Removes code from user inputs. It is difficult to implement, as there are many ways to embed code other than <script>alert(XSS)

Countermeasures: Elgg's Approach
PHP module HTMLawed: a highly customizable PHP script to sanitize HTML against XSS attacks.

CSP Example
Policy based on the origin of the code: code from self, example.com, and google will be allowed.

How to Securely Allow Inlined Code
Using nonce: Allowed / Not allowed
Using hash of the code
Setting CSP Rules

Discussion Questions
Question 1: What are the main differences between CSRF and XSS attacks? They both have "cross site" in their names.
Question 2: Can we use the countermeasures against CSRF attacks to defend against XSS attacks, including the secret token and same-site cookie approaches?

Summary
Two types of XSS attacks
How to launch XSS attacks
Create a self-propagating XSS worm
Countermeasures against XSS attacks