XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

Allow an attacker to inject javascript code into the page.

The code is executed when the page loads.

The code is executed on the client machine, not the server.

Three main types:

1. Persistent/Stored XSS

2. Reflected XSS

3. DOM-based XSS

Discovering XSS

  • Try to inject javascript code into the pages.
  • Test text boxes and URL parameters on the form
    • http://target.com/page.php?something=something

REFLECTED XSS

  • None persistent, not stored.
  • Only work if the target visits a specially crafted URL.
  • EX:
    • http://target.com/page.php?something=<script>alert("XSS")</script>

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

STORED XSS

  • Persistent, stored on the page or DB.
  • The injected code is executed every time the page is loaded.

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

EXPLOITING XSS

  • Run any javascript code.
  • The BeEF framework can be used to hook targets.
  • Inject BeEF hook in vulnerable pages.
  • Execute code from BeEF.

1. Start BeEF

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

2. Sigh the hook script to Stored XSS page.

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

3. The computer which visits the URL http://10.0.0.24/dvwa/vulnerabilities/xss_s/ will get hooked to BeEF.

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

4. Then you can use Commands in BeEF.

Ethical Hacking - Web Penetration Testing(12)-LMLPHP

PREVENTING XSS VULNS

  • Minimize the usage of user input on HTML.
  • Escape any untrusted input before inserting it into the page.

For more information about XSS Prevention Cheat Sheet, please visit the following website:

https://owasp.org/www-project-cheat-sheets/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

05-22 06:22