Cross Site Scripting (XSS)

CROSS SITE SCRIPTING (XSS)

Presented by: Nabin Dutta, 3rd Year, IT, Class Roll: 44

Mentor: Mrs. Suparna Seal


Sl. No Topic

1 What is XSS?

2 Diagram of Typical XSS attack

3 XSS attack used for:

4 Types of XSS

5 Reflected XSS

6 Attack Scenario of Reflected XSS

7 Stored XSS

8 Attack Scenario of Stored XSS

9 DOM-Based XSS

10 Attack Scenario of DOM Based XSS

11 Steps to an XSS attack

12 Protection

13 Conclusion

What Is XSS

• Cross-site scripting, or XSS, is defined as a computer security vulnerability (weakness) found in web applications.

• It allows a variety of code to be injected by a malicious user into a webpage.

• The code is written in JavaScript, VBScript, ActiveX, HTML, or Flash.

• It can cause installation of Trojan horse programs.

• The XSS attack involves three parties: the attacker, a client and the web site.

• During an attack "everything looks fine" to the end user, but in actuality they are subject to an endless amount of threats.

Typical XSS attack

XSS attacks used for:

• Hijacking accounts (stealing their private information)

• False advertising and inserting hostile content

• Cookie theft (stealing other users' cookies) / poisoning

• Defacing websites

• Changing of users' settings

• Conducting phishing attacks

• Performing actions on behalf of other users

• Spying on users' web browsing habits

Types of XSS

1. Non-Persistent (Reflected)

2. Persistent (Stored)

3. DOM-Based (Local)

Reflected

• Most common type

• An attacker convinces a user to follow a malicious URL which injects code into the resulting page

• Now the attacker has full access to that page's content

Attack Scenario of Reflected

1. The user comes in contact with a malicious link, form, or a malicious redirection.

2. The Web application of the Bank is requested with the prepared call.

3. Through an XSS vulnerability of the banking application, the XSS code is inserted into the page.

4. The infected page with XSS code is sent to the user.

5. The XSS code arrives at the user in the context of the page, thus bypassing the "Same Origin" security setting of the Web browser.

6. The XSS code sends stolen data to the server of the attacker.

Stored XSS

• JavaScript supplied by the attacker is stored by the website (e.g. in a database)

• Doesn't require the victim to supply the JavaScript somehow; they just visit the exploited web page

• More dangerous than Reflected XSS

Attack Scenario of Persistent

1. The Web application of the bank is called with the XSS code.

2. The malicious code enters through an XSS vulnerability in the application and is stored there.

3. A user calls the Web application of the Bank.

4. The stored malicious code is inserted into the web page.

5. The infected Web page is sent to the user.

6. The XSS code arrives at the user in the context of the page, thus bypassing the "Same Origin" security setting of the Web browser.

7. The XSS code sends stolen data to the server of the attacker.

DOM Based XSS

• Occurs in the content processing stages performed by the client

• DOM-Based (Local): DOM stands for Document Object Model, the standard object model for representing HTML or XHTML

• Problem exists within the page's client-side script

• If an attacker hosts a malicious site, which contains a vulnerable website on a client's local system, a script can be injected

• Now the attacker can run with the privileges of that user's browser on their system.

Attack Scenario of DOM-Based

1. The Web application of the Bank is requested with the prepared call.

2. The XSS code is inserted in the cookie.

3. The cookie with the malicious code is sent to the user and stored with him.

4. The user calls the Web application of the Bank.

5. The malicious code is inserted from the cookie into the Web page.

6. The infected Web page is sent to the user.

7. The XSS code sends stolen data to the server of the attacker.

Steps to an XSS attack

1. Select a target
   • Find an XSS hole, and look if it has any cookies
   • If it has a cookie, then you have found a target

2. Testing
   • Insert code or script pointing to the vulnerability
   • Make sure the page does not appear broken

3. XSS Execution
   • Send your crafted URL to launch it
   • More experienced attackers would do a few redirects to steal cookies, return to site, then attack them harder

4. Decide what to do with the data
   • After collecting data, it is possible to perform an attack

Protection

• The simplest form of XSS protection is to pass all external data through a filter (on the server side).

• It is recommended to use libraries that have been tried and tested by the community.

• XSS techniques keep changing (your filters will need to be updated periodically).
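
An added example (not part of the original slides) of the server-side filtering described above, using Python's standard html.escape as the tested library routine. The page layout, function names and sample inputs are constructed for illustration; the example goes slightly beyond the bullets by also allowlisting URL schemes, which encoding alone does not cover.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample inputs (not from the original slides).
SAMPLE_QUERY = '"><script>alert(1)</script>'     # reflected: arrives in the URL
SAMPLE_COMMENT = "<img src=x onerror=alert(1)>"  # stored: read back from the database
SAMPLE_LINK = "javascript:alert(1)"              # URL value destined for an href


def render_unsafe(query, comments):
    """Vulnerable 'before': external data is concatenated into HTML as-is."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return f'<input value="{query}"><ul>{items}</ul>'


def encode_html(value):
    """Encode & < > " ' so the value is rendered as text, never parsed as markup."""
    return html.escape(str(value), quote=True)


def safe_href(url):
    """Encoding does not neutralise javascript: URLs, so allowlist the scheme."""
    url = str(url).strip()
    if urlsplit(url).scheme.lower() not in ALLOWED_SCHEMES:
        return "#"
    return encode_html(url)


def render_safe(query, comments, link):
    """Same page with every external value encoded at the point of output."""
    items = "".join(f"<li>{encode_html(c)}</li>" for c in comments)
    return (f'<input value="{encode_html(query)}"><ul>{items}</ul>'
            f'<a href="{safe_href(link)}">author</a>')


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_QUERY, [SAMPLE_COMMENT]))
    print(render_safe(SAMPLE_QUERY, [SAMPLE_COMMENT], SAMPLE_LINK))
```

Encoding is applied when the value is written into the page, so the same function covers both the reflected query and the comment read back from storage.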

Conclusion

• XSS is defined as the number one and most prevalent website vulnerability on the internet

• No one is ever completely safe from XSS

• Cannot be expected to write flawless code or have round-the-clock personnel to answer all possible vulnerability issues

• As XSS vulnerabilities continue to grow, the best way to protect yourself from them is to be careful and be aware of their existence