No announcement yet.

Web Servers - Cross-Site Scripting

  • Filter
  • Time
  • Show
Clear All
new posts

  • Web Servers - Cross-Site Scripting

    A common attack web sites and web applications is the Cross-site scripting (XSS) attack. This kind of attack is a way to inject JavaScript, JS or other client side scripting language into the website and have it execute in the context of the victim user. The target for this kind of attack is not so much an attack on the web application itself as it is an attack on other end users. By careful analysis of the target web application, an attacker will attempt to find ways to inject malicious code into the web page in order to gain information such as session cookies or other useful information, to elevate privileges to that of the victim. This information comes from the victims browser more than the web application itself.

    Some steps include the following
    • The attacker discovers that a web application suffers from an XSS vulnerability.
    • The attacker sends an email to the victim with some form of click-bait. The email contains a link to the site containing the vulnerability and the link will have a malicious script embedded in the URL.
    • When the victim clicks the link, the site will load and likely display no abnormalities or errors to the victim.
    • The script will then be executed.
    • The script will likely attempt to fetch the end user cookie by calling a function such as document.cookie().
    • The script will then attempt to send the cookie information to the attacker using technology such as AJAX.
    • Using this information, the attacker may be able to access the web application with the privileges of the victim.

    Of course there are a wealth of ways to perform this kind of attack. XSS is an old attack and many browsers today have build-in protections against attacks such as XSS. Nevertheless, this attack is sometimes still possible. End users man also be using an outdated browser that does not have these features. In the end it all comes down to the quality of the code in the web application, the use of best practice etc.
    Certified Security Geek