March Intensive: XSS Exploits Patrick Dyroff

Dec 23, 2015


Clifton Tate
Page 1: Patrick Dyroff. .

March Intensive: XSS Exploits

Patrick Dyroff

Page 2: Patrick Dyroff. .

Sudikoff

http://www.ists.dartmouth.edu/images/Sudikoff_Lab.JPG

Page 3: Patrick Dyroff. .

Sergey Bratus

• ISTS' Chief Security Advisor and a Postdoctoral Research Assistant Professor in the Computer Science Department at Dartmouth College

• Taught the “Computer Security and Privacy” course

• Undergraduate education at the Moscow Institute of Physics and Technology (AKA, Moscow Phystech), and his Ph.D. at Northeastern University (1999).

http://www.ists.dartmouth.edu/people/fellows/bratus.html

Page 4: Patrick Dyroff. .

What is XSS?

• Cross-Site Scripting

• Webpage vulnerability

• Simple, Used often

• Code Injection

• Three types: Type 1, 2 … 0?

http://cdn.memegenerator.net/instances/400x/15481816.jpg

Page 5: Patrick Dyroff. .

Type 1

• Known as non-persistent or reflected.

• The most common type.

• Arises when server-side scripts use data supplied by the web client to generate a page of results for the user.

• An attacker could embed such a URL in an email, with a pretext that entices the victim to click on it

Page 6: Patrick Dyroff. .

Type 2

• Known as stored, persistent, or second order

• Most powerful type of XSS attack

• Can be made when data provided to a web app by a user is stored in a database or file system and can be accessed later by different users

• Forums are an example of a Type 2 target

Page 7: Patrick Dyroff. .

Type 0

• Known as DOM-based or Local XSS

• Very similar to the type 1 vulnerability

• The problem is also within a page’s client side script

• There is one key difference between the two

• Unlike other XSS attacks, which only get around the cross-domain boundary, this attack also gets around the client-side sandbox

Page 8: Patrick Dyroff. .

How can it be used?

• Cookies!!

• Allows access to previous sessions

• Certain logon information

• Worms, Phishing, Spamming, Oh My!

http://meowcheese.com/files/lolpics/2010/06/ok-ok-i-stole-a-cookie.jpg

Page 9: Patrick Dyroff. .

Patches

• All these examples can be patched relatively easily

• Many possibilities that keep being found

• HTML or JavaScript escape function
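
The escape functions named on this slide, as an added example that is not part of the original presentation: one escaper for the HTML context and one for a JavaScript string context, shown beside the unescaped Type 1 pattern. All function names and the sample input are constructed for illustration.

```javascript
// Added example; all function names here are hypothetical.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// HTML context: element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// JavaScript context: a value placed inside a quoted string literal in an
// inline <script>. Everything outside a small allowlist becomes \uXXXX, so
// quotes, backslashes, newlines and "</script>" cannot end the literal.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Before: the reflected (Type 1) pattern, client data copied into the page.
function renderResultsUnsafe(query) {
  return "<p>Results for: " + query + "</p>";
}

// After: same page, with the value escaped for the HTML context.
function renderResults(query) {
  return "<p>Results for: " + escapeHtml(query) + "</p>";
}

// The same value in a script context needs the JavaScript escaper instead.
function renderInlineScript(query) {
  return '<script>var lastQuery = "' + escapeJsString(query) + '";</script>';
}

// Constructed sample input, as it might arrive in a query string.
const sample = "<script>alert(1)</script>";
console.log(renderResultsUnsafe(sample)); // markup reaches the page intact
console.log(renderResults(sample));       // rendered as inert text
console.log(renderInlineScript(sample));  // literal stays closed
```

The escaper has to match the context the value lands in: `escapeHtml` leaves backslashes and newlines untouched, so it is not a substitute for `escapeJsString` inside a script block.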

Page 10: Patrick Dyroff. .

Thanks for listening!

http://images.sodahead.com/profiles/0/0/2/8/9/6/8/4/1/Jazz_Hands_Cat-79814272162.jpeg