What is XSS?
Cross Site Scripting, also known as XSS, is one of the most common web
application vulnerabilities. It allows an attacker to run his own client-side
scripts (especially JavaScript) in web pages viewed by other users.
In a typical XSS attack, a hacker injects malicious JavaScript code into a
legitimate website. When a user visits the specially-crafted link, the browser
executes the malicious JavaScript. A successfully exploited XSS vulnerability
allows attackers to carry out phishing attacks, steal accounts and even spread
worms.
Example: Let us imagine a hacker has discovered an XSS vulnerability in Gmail
and injects a malicious script. When a user visits the site, the browser
executes the malicious script. The malicious code can redirect users to a fake
Gmail page or capture their cookies. Using the stolen cookies, the attacker can
log in to your account and change the password.
It will be easy to understand XSS if you have the following prerequisites:
- Strong knowledge of HTML and JavaScript (Reference).
- Basic knowledge of the HTTP client-server architecture (Reference)
- [optional] Basic knowledge of server-side programming (PHP, ASP, JSP)
XSS Attack:
Step 1: Finding Vulnerable Website
Hackers use Google dorks to find vulnerable sites, for instance "?search=" or
".php?q=". Elite (1337) attackers target specific sites instead of using Google
search. If you are going to test your own site, you have to check every page of
your site for the vulnerability.
Step 2: Testing the Vulnerability:
First of all, we have to find an input field into which we can inject our own
script, for example a search box, a username or password field, or any other
input field.
Test 1:
Once we have found the input field, let us put some string in it, for instance
"BTS". The page will display the result. Now right-click on the page and select
"View source". Search for the string "BTS" which we entered in the input field
and note the location where the input is placed.
Test 2:
Now we are going to check whether the server sanitizes our input or not. In
order to do this, let us input the <script> tag inside the input field.
View the source of the page and find the location where the input was
displayed in the previous test.
Thank god, our code is not sanitized by the server and appears in the source
exactly as we entered it in the field. If the server sanitizes our input, the
code may look like this: &lt;script&gt;. An unsanitized echo indicates that
the website is vulnerable to XSS attack and we can execute our own scripts.
Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS attack. But let us make sure
the site is completely vulnerable to this attack by injecting a full piece of
JavaScript code. For instance, let us input
<script>alert('BTS')</script> .
The page will now display a pop-up box with the string 'BTS'. Finally, we have
successfully exploited the XSS. By extending the code with a malicious script,
a hacker can steal cookies, deface the site and more.
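The three tests above, as an added example that is not part of the original article: a minimal "search results" page rendered the vulnerable way (input echoed verbatim) beside the sanitized way (HTML entity encoding, which turns <script> into &lt;script&gt; as described in Test 2). The page template and function names are assumptions for illustration.

```python
import html

# Constructed sample: the strings the article types into the search box.
PROBE_PLAIN = "BTS"
PROBE_TAG = "<script>"
PROBE_ALERT = "<script>alert('BTS')</script>"

# Hypothetical page template: the search term is placed inside the <h1>.
PAGE = "<html><body><h1>Search results for {q}</h1></body></html>"


def render_vulnerable(query: str) -> str:
    """Echoes the query into the page unchanged, as in the article's tests.
    A browser parsing this output runs any <script> element it contains."""
    return PAGE.format(q=query)


def render_escaped(query: str) -> str:
    """Same page, but the query is HTML-entity-encoded before insertion, so
    the browser shows the text literally instead of parsing it as markup."""
    return PAGE.format(q=html.escape(query, quote=True))


def reflected_verbatim(query: str, page: str) -> bool:
    """The article's Test 2 check: does the response carry the exact input?"""
    return query in page


if __name__ == "__main__":
    for probe in (PROBE_PLAIN, PROBE_TAG, PROBE_ALERT):
        vulnerable = render_vulnerable(probe)
        escaped = render_escaped(probe)
        print(repr(probe),
              "| vulnerable page echoes it:", reflected_verbatim(probe, vulnerable),
              "| escaped page echoes it:", reflected_verbatim(probe, escaped))
```

Plain text such as "BTS" survives both renderings unchanged; only markup characters differ, which is why Test 1 alone cannot tell the two pages apart.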
Types of XSS Based on Persistence Capability:
Based on persistence capability, we can categorize XSS attacks into two types,
namely Persistent and Non-Persistent.
Persistent XSS:
The Persistent or Stored XSS attack occurs when the malicious code submitted by
the attacker is saved by the server in the database and is then permanently
served as part of the normal page.
For Example:
Many websites host a support forum where registered users can ask questions by
posting messages, which are stored in the database. Let us imagine an attacker
posts a message containing malicious JavaScript code instead. If the server
fails to sanitize the input, the injected script is executed whenever a user
tries to read the post. If the injected code is cookie-stealing code, it will
steal the cookies of every user who reads the post. Using the cookie, the
attacker can take control of your account.
Non-Persistent XSS:
Non-Persistent XSS, also referred to as Reflected XSS, is the most common type
of XSS found nowadays. In this type of attack, the injected code is sent to the
server in an HTTP request. The server embeds the input in the HTML file and
returns the file (the HTTP response) to the browser. When the browser renders
the HTML file, it also executes the embedded script. This kind of XSS
vulnerability frequently occurs in search fields.
Example:
Let us consider a project hosting website. To find our favorite project, we
just input a related word in the search box. When the search is finished, it
displays a message like "search results for yourword". If the server fails to
sanitize the input properly, it will result in execution of the injected
script.
In a reflected XSS attack, the attacker sends the specially-crafted link to
victims and tricks them into clicking it. When the user clicks the link, the
browser sends the injected code to the server, the server reflects it back in
its response, and the browser then executes the code.
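Because the injected code travels to the server inside the request, reflected XSS attempts leave a trace in the web server's access log. The following added example (not from the original article) URL-decodes the query string of constructed Common Log Format lines and flags parameters carrying the <script> marker the article reflects; the log lines, IP addresses and the search.php path are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (Common Log Format) for a search page.
LOG_LINES = [
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /search.php?q=BTS HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?q=%3Cscript%3E HTTP/1.1" 200 520',
    '198.51.100.7 - - [01/Jan/2024:10:01:30 +0000] "GET /search.php?q=%3Cscript%3Ealert%28%27BTS%27%29%3C%2Fscript%3E HTTP/1.1" 200 560',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]


def request_target(line: str) -> str:
    """Pull the request target out of the quoted "METHOD target PROTO" field."""
    start = line.index('"') + 1
    end = line.index('"', start)
    return line[start:end].split(" ")[1]


def suspicious_params(line: str) -> list:
    """Return (name, decoded value) for every query parameter that, once
    URL-decoded, contains a script tag: the marker the article reflects."""
    target = request_target(line)
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; a second pass catches double-encoded values.
        decoded = unquote_plus(value)
        if "<script" in decoded.lower():
            hits.append((name, decoded))
    return hits


def scan(lines) -> list:
    """Return (client_ip, request_target, hits) for each flagged line."""
    findings = []
    for line in lines:
        hits = suspicious_params(line)
        if hits:
            findings.append((line.split(" ")[0], request_target(line), hits))
    return findings


if __name__ == "__main__":
    for ip, target, hits in scan(LOG_LINES):
        print(ip, target, hits)
```

A match only shows that the tag was sent, not that the server reflected it; pair such a finding with the response check from the tests above (or the response body, if it is logged) before treating it as a confirmed vulnerability.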
In addition to these types, there is also a third type of attack called DOM
Based XSS. I will explain this attack in later posts.
What can an attacker do with this Vulnerability?
- Stealing identities and confidential data (credit card details).
- Bypassing restrictions in websites.
- Session hijacking (stealing the session)
- Malware attacks
- Website defacement
- Denial of Service attacks (DoS)
Disclaimer:
This article is intended for educational purposes only.
View Full Article : breakthesecurity.com