Cross Site Scripting, also known as XSS, is one of the most common web application vulnerabilities. It allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users.
In a typical XSS attack, a hacker injects his malicious JavaScript code into a legitimate website. When a user visits the specially-crafted link, the malicious JavaScript executes. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even spread viruses.
Example: Let us assume a hacker has found an XSS vulnerability in Gmail and injects a malicious script. When a user visits the site, the malicious script executes. The malicious code can be used to redirect users to a fake Gmail page or to capture cookies. Using these stolen cookies, he can log in to your account and change the password.
XSS will be easy to understand if you have the following prerequisites:
Strong knowledge of HTML and JavaScript (Reference).
Basic knowledge of HTTP client-server architecture (Reference)
[optional] Basic knowledge of server-side programming (PHP, ASP, JSP)
XSS Attack:
Step 1: Finding a Vulnerable Website
Hackers use Google dorks to find vulnerable websites, for example "?search=" or ".php?q=". Elite (1337) hackers target specific websites instead of relying on search. If you are going to test your own site, you have to check every page of the site for the vulnerability.
Step 2: Testing the Vulnerability:
First of all, we have to find an input field so that we can inject our own script, for example: a search box, username, password or any other input field.
Test 1 :
Once we have found the input field, let us try to enter some string into it; for example, let me input "BTS". It will display the result.
Now right-click on the page and select View Source. Search for the string "BTS" which we entered in the input field. Note the location where the input is placed.
Test 2:
Now we are going to check whether the server sanitizes our input or not. In order to do this, let us input the <script> tag in the input field.
View the source of the page. Find the location where the input was displayed in the previous test.
Thank god, our code is not being sanitized by the server and the code is just the same as what we entered in the field. If the server sanitized our input, the code would look like this: &lt;script&gt;. This indicates that the website is vulnerable to XSS and we can execute our own scripts.
Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS. But let us make sure the site is completely vulnerable to this attack by injecting full JavaScript code. For instance, let us input <script>alert('BTS')</script>.
Now it will display a pop-up box with the string 'BTS'. Finally, we have successfully exploited the XSS. By extending the code with a malicious script, a hacker can steal cookies, deface the site and more.
Types of XSS based on persistence capability:
Based on persistence capability, we can categorize XSS attacks into two types, namely Persistent and Non-Persistent.
Persistent XSS:
The Persistent or Stored XSS attack occurs when the malicious code submitted by the attacker is saved by the server in the database, and is then permanently run in the normal page.
For Example:
Many websites host a support forum where registered users can ask their questions by posting messages, which are stored in the database. Let us imagine an attacker posts a message containing malicious JavaScript code instead. If the server fails to sanitize the input provided, the injected script is executed. The code will run whenever a user reads the post. If the injected code is cookie-stealing code, it will steal the cookies of every user who reads the post. Using the cookie, the attacker can take control of your account.
Non-Persistent XSS:
Non-Persistent XSS, also referred to as Reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server via an HTTP request. The server embeds the input in the HTML file and returns the file (HTTP response) to the browser. When the browser renders the HTML file, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.
Example:
Let us consider a project hosting website. To find our favorite project, we just input the related word in the search box. When the search is finished, it will display a message like "search results for yourword". If the server fails to sanitize the input properly, it results in execution of the injected script.
In the case of reflected XSS attacks, the attacker sends the specially-crafted link to victims and tricks them into clicking it. When the user clicks the link, the browser sends the injected code to the server, and the server reflects the attack back to the user's browser. The browser then executes the code.
In addition to these types, there is also a third type of attack called DOM-based XSS; I will explain this attack in later posts.
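The "search results for yourword" page above, the forum-post case, and the Test 2 / Step 3 check all come down to one question: does untrusted input reach the HTML unencoded? This added example (mine, not code from the original post; the function names are made up) renders the search page both ways and expresses that check as a function:

```javascript
// Added example, not from the original post. Function names are invented here.

// Encode the five characters that let input break out of an HTML text node
// or a double-quoted attribute. This is the output encoding that turns
// <script> into &lt;script&gt;, which the post describes as the "sanitized"
// result seen in view-source.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Vulnerable: the query is concatenated straight into the page, so the
// browser sees whatever the user (or a crafted link) sent.
function renderSearchPageVulnerable(query) {
  return `<html><body><p>search results for ${query}</p></body></html>`;
}

// Hardened: same page, untrusted value encoded at output time. Encoding at
// output also covers the stored case (forum posts read back from a database),
// because it does not matter where the string came from.
function renderSearchPageSafe(query) {
  return `<html><body><p>search results for ${escapeHtml(query)}</p></body></html>`;
}

// Test 2 / Step 3 as code: push a marker string through the renderer and
// see whether it comes back byte-for-byte. true means input is reflected
// without encoding, i.e. the page needs the fix above.
function isReflectedUnencoded(render, probe) {
  return render(probe).includes(probe);
}

// Constructed probe: the post's own test string.
const PROBE = "<script>alert('BTS')</script>";

console.log("vulnerable reflects raw input:", isReflectedUnencoded(renderSearchPageVulnerable, PROBE));
console.log("hardened reflects raw input:  ", isReflectedUnencoded(renderSearchPageSafe, PROBE));
console.log(renderSearchPageSafe(PROBE));
```

Note that escaping is context-specific: this helper is correct for HTML text and attribute values, not for input placed inside a `<script>` block or a URL.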
What can an attacker do with this Vulnerability?
- Stealing identity and confidential data (credit card details).
- Bypassing restrictions in websites.
- Session hijacking (stealing sessions)
- Malware attacks
- Website defacement
- Denial of Service attacks (DoS)
Disclaimer:
This article is intended for educational purpose only.