Cross-Site Scripting (XSS)
By William Gecosky

What is Cross-Site Scripting (XSS)?
A security vulnerability in web applications that allows malicious users to inject code into web pages viewed by others.
This vulnerability allows attackers to bypass access controls.
HTML and client-side scripts are examples of the code used for injection.

History of Cross-Site Scripting (XSS)
In October 2005 the Samy Worm became the first major worm to use cross-site scripting for infection propagation.
Since then XSS vulnerabilities have been the most common vulnerability in web applications.
XSS vulnerabilities historically originate on popular websites with community-driven features such as social networking, blogs, message boards, chat rooms, etc.

Some Facts About Cross-Site Scripting (XSS)
XSS can occur at any time because the exploit required for propagation exists in over 80% of websites.
Can spread faster than most other worms.
XSS vulnerabilities can damage data, send spam, and defraud customers.
XSS outbreaks are operating-system independent since execution occurs in the web browser.
May propagate by utilizing third-party providers of Web page widgets.
Could create a Web browser botnet enabling massive DDoS attacks.

Overview of Cross-Site Scripting (XSS)
XSS uses executable code which is then loaded into a user's web browser.
The user is the intended victim, while the attacker simply uses a vulnerable website.
Once infected, XSS enables theft of browser cookies, which can be used to hijack user accounts.
XSS attacks have the potential to take complete control of a victim's web browser.

Three types of Cross-Site Scripting vulnerabilities
1. DOM-based (Type 0): also referred to as local cross-site scripting, it is based on the standard object model for representing HTML or XML. With DOM-based cross-site scripting vulnerabilities, the problem exists within a page's client-side script itself.
2. Non-Persistent (Type 1): also referred to as a reflected vulnerability, and by far the most common type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user.
3. Persistent (Type 2): also referred to as a stored or second-order vulnerability, it allows the most powerful kinds of attacks. A Type 2 XSS vulnerability exists when data provided to a web application by a user is first stored persistently on the server and later displayed to users in a web page without being encoded using HTML entities.
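
The Type 2 case described above, as an added example that is not part of the original slides: a constructed in-memory comment store is rendered once without encoding and once with HTML entity encoding. All function names and sample comments are assumptions made for illustration.

```javascript
// Added example: stored (Type 2) XSS, unencoded render vs. entity-encoded render.
// Names and sample data are constructed for illustration.

// Characters that carry meaning in HTML text and attribute contexts.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Stand-in for the server-side database: data is stored exactly as submitted.
const storedComments = [];
function submitComment(author, text) {
  storedComments.push({ author, text });
}

// Vulnerable: stored data is concatenated into the page as markup.
function renderUnsafe(comments) {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join('\n');
}

// Hardened: every stored field is entity-encoded at output time.
function renderEncoded(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join('\n');
}

// Count tags in the output that the template itself did not produce.
function foreignTags(html) {
  const tags = html.match(/<\/?([a-z][a-z0-9]*)/gi) || [];
  return tags.filter((t) => !/^<\/?(li|b)$/i.test(t)).length;
}

// Constructed sample input: one ordinary comment, one carrying markup.
submitComment('alice', 'Tom & Jerry <3');
submitComment('mallory', '<script>alert("xss")</script>');

console.log(renderUnsafe(storedComments));
console.log('foreign tags (unsafe): ', foreignTags(renderUnsafe(storedComments)));
console.log(renderEncoded(storedComments));
console.log('foreign tags (encoded):', foreignTags(renderEncoded(storedComments)));
```

The encoded render shows the second comment to other users as literal text, while the unencoded render hands the browser a script element that came from stored user data.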

[Figure: Visual representation of XSS]

Famous XSS Worms
The Samy Worm: the first major worm of its kind, spread by exploiting a persistent Cross-Site Scripting vulnerability in MySpace.com's personal profile web page template.
Code Red Worm: took advantage of a published buffer-overflow vulnerability in Microsoft's IIS web server. Code Red managed to infect over 359,000 computers in under 24 hours by randomly scanning for additional victims.
Slammer Worm: propagated itself over UDP Port 1434 by exploiting a buffer-overflow vulnerability in unpatched versions of Microsoft SQL Server. Infected hosts would randomly scan other IP addresses and quickly spread to other vulnerable hosts.
Blaster Worm: came onto the scene by launching Remote Procedure Call (RPC) attacks against unpatched versions of Microsoft Windows computers. Once a computer became infected, the worm would open a TFTP (Trivial File Transfer Protocol) command shell to other infected machines and download the payload.

Defending Against XSS for users
Use caution when clicking links in email or instant messages, especially those containing HTML code.
Realize that no web browser has a clear security advantage with respect to XSS vulnerabilities.
While never 100% effective, avoid questionable websites such as those offering hacking information & tools. These websites have been known to exploit web browser vulnerabilities.

Future of Cross-Site Scripting
Security experts believe new types of XSS vulnerabilities will be discovered and exploited in the future.
– Putting XSS in other file formats: QuickTime Movies etc.
– Using XSS worms to create web-based dynamical botnets for denial of service attacks
This note was uploaded on 07/24/2011 for the course EEL 3531 taught by Professor Llewelyn during the Spring '09 term at University of Florida.