March Intensive:
XSS Exploits
Patrick Dyroff
Sudikoff
http://www.ists.dartmouth.edu/images/Sudikoff_Lab.JPG
Sergey Bratus
• ISTS' Chief Security Advisor and
a Postdoctoral Research
Assistant Professor in the
Computer Science Department
at Dartmouth College
• Taught the “Computer Security
and Privacy” course
• Undergraduate education at
the Moscow Institute of Physics
and Technology (AKA, Moscow
Phystech), and his Ph.D. at
Northeastern University (1999).
http://www.ists.dartmouth.edu/people/fellows/bratus.html
What is XSS?
• Cross-Site Scripting
• Webpage vulnerability
• Simple, Used often
•
Code Injection
• Three types: Type 1, 2 … 0?
http://cdn.memegenerator.net/instances/400x/15481816.jpg
Type 1
• Known as non-persistent or
reflected.
• The most common type.
• Arises when server-side scripts
generate a page of results using
the data from the web client for
the user.
• An attacker could embed this URL
in an email, posing a situation and
enticing the victim to click on it
Type 2
• Known as stored, persistent, or second
order
• Most powerful type of XSS attack
• Can be made when data provided to a
web app by a user is stored in a
database or file system and can be
accessed later by different users
• Forums are a Type 2 targeted victim
examples
Type 0
• Known as DOM-based or Local XSS
• Very similar to the type 1 vulnerability
• The problem is also within a page’s
client side script
•
There is one key difference between
the two
• This attack goes around the client-side
sandbox, not only the cross domain, like
other XSS attacks do
How can it be used?
• Cookies!!
• Allows access to previous
sessions
• Certain logon information
• Worms, Phishing,
Spamming, Oh My!
http://meowcheese.com/files/lolpics/2010/06/ok-ok-i-stole-a-cookie.jpg
Patches
• All these examples can be
patched relatively easily
• Many possibilities that keep
being found
• HTML or JavaScript escape
function
Thanks for listening!
http://images.sodahead.com/profiles/0/0/2/8/9/6/8/4/1/Jazz_Hands_Cat-79814272162.jpeg