Friday, 17 July 2015

Cross-Site Scripting Series: Inroduction

Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser, often causing side effects such as data compromise, or the stealing of a user session. This can allow an attacker to impersonate a user to steal their details, or act in their place without consent.XSS Flaws occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. 
Description of Cross-Site Scripting
Cross-Site Scripting (XSS) attacks occur when:
· Data enters a Web application through an untrusted source, most frequently a web request.
· The data is included in dynamic content that is sent to a web user without being validated for malicious content.
The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code that the browser may execute. A successful XSS attack compromises the security of both the website and its users.
XSS vulnerability arises when web applications take data from users and dynamically include it in web pages without first properly validating the data. XSS vulnerabilities allow an attacker to execute arbitrary commands and display arbitrary content in a victim user's browser. A successful XSS attack leads to an attacker controlling the victim’s browser or account on the vulnerable web application.
Example
     
index.php: <?php
$name = $_GET['name'];
echo "Welcome $name<br>";
echo "<a href="http://infosecaffairs.blogspot.com/">Click to Download</a>";
?>
Now the attacker will craft an URL as follows and send it to the victim:
   
index.php?name=guest<script>alert('XSS')</script>
    
When the victim loads the above URL into the browser, he will see an alert box which says ‘attacked’. Even though this example doesn’t do any damage, other than the annoying ‘attacked’ pop-up, you can see how an attacker can use this method to do several damaging things.
In the next part of the series we will discuss about the Types of XSS vulnerabilities

No comments:

Post a Comment

Prevention Techniques: Cross-site request forgery (CSRF)

1. The best defense against CSRF attacks is unpredictable tokens, a piece of data that the server can use to validate the request, and wh...