Group 10-2 - Cross-Site Scripting (XSS) Cross-Site...


Cross-Site Scripting (XSS)
By William Gecosky

What is Cross-Site Scripting (XSS)?

- A security vulnerability in web applications allowing code injection by malicious users into the web pages viewed by others.
- This vulnerability allows attackers to bypass access controls.
- HTML and client-side scripts are examples of the code used for injection.

History of Cross-Site Scripting (XSS)

- In October 2005, the Samy Worm became the first major worm to use cross-site scripting for infection propagation.
- Since then, XSS vulnerabilities have been the most common vulnerability in web applications.
- XSS vulnerabilities historically originate on popular websites with community-driven features such as social networking, blogs, message boards, chat rooms, etc.

Some Facts About Cross-Site Scripting (XSS)

- XSS can occur at any time because the exploit required for propagation exists in over 80% of websites.
- Can spread faster than most other worms.
- XSS vulnerabilities can damage data, send spam, and defraud customers.
- XSS outbreaks are operating system independent since execution occurs in the web browser.
- May propagate by utilizing third-party providers of Web page widgets.
- Could create a Web browser botnet enabling massive DDoS attacks.
- Are difficult to spot because the network behavior of infected browsers remains relatively unchanged and the JavaScript exploit code is hard to distinguish from normal web page markup.
- Are easier to stop than traditional Internet viruses because denying access to the infectious website will quarantine the spread.

Overview of Cross-Site Scripting (XSS)

- XSS uses executable code which is then loaded into a user's web browser.
- The user is the intended victim, while the attacker simply uses a vulnerable website.
- Once infected, XSS enables theft of browser cookies, which can be used to hijack user accounts.
- XSS attacks have the potential to take complete control of a victim's web browser.

Three Types of Cross-Site Scripting Vulnerabilities

1. DOM-based (Type 0): also referred to as local cross-site scripting, it is based on the standard object model for representing HTML or XML. With DOM-based cross-site scripting vulnerabilities, the problem exists within a page's client-side script itself.
2. Non-persistent (Type 1): also referred to as a reflected vulnerability, and by far the most common type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user.
3. Persistent (Type 2): also referred to as a stored or second-order vulnerability, it allows the most powerful kinds of attacks. A Type 2 XSS vulnerability exists when data provided to a web application by a user is first stored persistently on the server and later displayed to users in a web page without being encoded using HTML entities.

Visual Representation of XSS

[Figure: visual representation of XSS]

Famous XSS Worms

- The Samy Worm: the first major worm of its kind, spread by exploiting a persistent cross-site scripting vulnerability in MySpace.com's personal profile web page template.
- Code Red Worm: took advantage of a published buffer-overflow vulnerability in Microsoft's IIS web server. Code Red managed to infect over 359,000 computers in under 24 hours by randomly scanning for additional victims.
- Slammer Worm: propagated itself over UDP port 1434 by exploiting a buffer-overflow vulnerability in unpatched versions of Microsoft SQL Server. Infected hosts would randomly scan other IP addresses and quickly spread to other vulnerable hosts.
- Blaster Worm: came onto the scene by launching Remote Procedure Call (RPC) attacks against unpatched versions of Microsoft Windows computers. Once a computer became infected, the worm would open a TFTP (Trivial File Transfer Protocol) command shell to other infected machines and download the payload.

Defending Against XSS for Users

- Use caution when clicking links in e-mail or instant messages, especially those containing HTML code.
- Realize that no web browser has a clear security advantage with respect to XSS vulnerabilities.
- While never 100% effective, avoid questionable websites such as those offering hacking information and tools. These websites have been known to exploit web browser vulnerabilities.

Future of Cross-Site Scripting

Security experts believe new types of XSS vulnerabilities will be discovered and exploited in the future.

- Putting XSS in other file formats: Flash movies, PDFs, QuickTime movies, etc.
- Using XSS worms to create web-based dynamical botnets for denial-of-service attacks
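
Added example (not part of the original slides): the Type 1 and Type 2 descriptions above both come down to user-supplied data reaching a page "without being encoded using HTML entities". The sketch below renders the same stored comments with and without entity encoding, and encodes a reflected search query; the function names, the comment store and the sample inputs are all constructed for illustration.

```javascript
// Entity-encoding user data at output time (stored and reflected cases).
// Every name and sample value here is constructed for this example.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode the five characters that can change HTML structure in element
// content or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed stand-in for comments stored persistently on the server.
const storedComments = [
  { author: 'alice', text: 'Nice post & thanks!' },
  { author: 'mallory', text: '<script>alert("xss")</script>' },
];

// Vulnerable (Type 2): stored data is concatenated into markup as-is, so
// every visitor's browser parses the second comment as a script element.
function renderCommentsUnsafe(comments) {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join('\n');
}

// Hardened: each user-supplied field is entity-encoded when it is written out.
function renderCommentsEncoded(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join('\n');
}

// Reflected (Type 1) case: the query is echoed back immediately, once inside
// a quoted attribute and once as text, so both positions are encoded.
function renderSearchPage(query) {
  const q = escapeHtml(query);
  return `<input name="q" value="${q}"><p>No results for ${q}</p>`;
}

// True if the markup contains an opening script tag a browser would parse.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(containsScriptTag(renderCommentsUnsafe(storedComments)));  // true
console.log(containsScriptTag(renderCommentsEncoded(storedComments))); // false
console.log(renderSearchPage('"><script>alert(1)</script>'));
```

Entity encoding of this kind covers element content and quoted attribute values only; data written into script blocks, URLs or unquoted attributes needs encoding specific to that context.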