XSS 3

 the CGI simply responds, “No information for dinosaur.” However, this result is more interesting than the previous one from the point of view of cross-sitescripting. Nowhere in the previous query (apart from in the rows of the result set) did the keyword we search for appear in the dynamic page returned by the CGI. However, searching with other erroneous keywords quickly confirms that the CGI always prints the keyword upon an unsuccessful search. What are the chances that this CGI is vulnerable tocross-site scripting? To be vulnerable, the CGI would have to respond blindly with whatever search term we supplied it, even if that term contained HTML or JavaScript. If we can substitute “dinosaur” with a malicious script, the system is vulnerable.

Most frequently, cross-site scripting vulnerabilities are used by an attacker to obtain information, such as a cookie or session ID, which is available via the Document Object Model. However, some cross-site scripting vulnerabilities might allow execution of arbitrary code on the victim’s machine, especially when the vulnerability is in a trusted site or Web-driven client application, or is combined with an unsafe ActiveX control.

Cross-site scripting can also be used to:

  • Deface a Web site. By inserting script that modifies the content of a page, or pops up an alert, an attacker can vandalize another person’s Web site.

  • Manipulate the Document Object Model. If scripts can be executed, any of the functions available through the browser’s Document Object Model can be called, including functions that read and write files (usually blocked in “unsafe” domains, but cross-site scripting bugs are not confined to these), pop up windows, or manipulate cookies and history.

  • “Poison” cookies by modifying them to suit an attacker’s purpose. Chapter 20describes cookie poisoning in more detail.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s