So maybe you've heard of XSS and maybe you haven't. For those that haven't, here's a snippet from Wikipedia that may catch you up to speed:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007.
So what does an XSS vulnerability look like? An example of a URL injection vulnerability would look like this:
CODE:Minus the spacing between < script> and < /script>.
-------------------
http://example.com/search.php?search=">< script>alert('This is an XSS Vulnerability!')< /script>
What does this do? It shows a popup saying "This is an XSS Vulnerability!"
Why is that important? Because, my dear little friend, this example shows that you can run scripts and if you can run scripts you can be a naughty boy (or girl).
Like what? Tsk tsk... shame on you for asking. Buuuut... you can inject snippets of code (or link to remote .js files) that can do anything from copying the victim's cookies with a "cookie catcher" (which gives you the ability to "session ride", i.e. log in as the poor bastard) to putting your own content on the web page, such as banner adverts, URL redirection, frames, and all other sorts of chaos.
But how do we snag a victim? Simple. With our example, a URL injection, we send them the link with the malicious code in it. They click it, and boom! Done. However, something of this nature sure seems suspicious... nobody is going to click on a link with all that script stuff in there. I know I wouldn't.
What we need to do is obfuscate the code. You can do this with URL encoding and JavaScript "obfuscators".
URL Encoding and "Obfuscators"
URL encoding replaces characters that are reserved or unsafe in a URL with a percent sign followed by the character's two-digit hex code: a space becomes %20, " becomes %22, < becomes %3C and > becomes %3E.
The above example would be encoded to look like this:
CODE:
-------------------
http://example.com/search.php?search=%22%3E%3C%20script%3Ealert('This%20is%20an%20XSS%20Vulnerability!')%3C%20%20/script%3E
If you're curious about how URL Encoding works you can click here for more information.
JavaScript "obfuscators", as they call themselves, produce JavaScript code that has purposely been made difficult to understand/read. It's often used as a way to deter reverse engineering and makes for a good puzzle for us Cubical Geeks.
Here's an example of what our example would look like if we obfuscated it:
CODE: (again, minus the spacing between < script> and < /script>)
-------------------
http://example.com/search.php?search=">< script>var _0xaeb2=["\x54\x68\x69\x73\x20\x69\x73\x20\x61\x6E\x20\x58\x53\x53\x20\x56\x75\x6C\x6E\x65\x72\x61\x62\x69\x6C\x69\x74\x79\x21"];alert(_0xaeb2[0]);< /script>
As you can see, the code has become very difficult to read. The victim may be less paranoid about what the link does. But this isn't quite good enough, is it? Let's try combining URL encoding with JavaScript obfuscation!
CODE:
-------------------
http://example.com/search.php?search=%22%3E%3C%20%20script%3Evar%20_0xaeb2%3D%5B%22%5Cx54%5Cx68%5Cx69%5Cx73%5Cx20%5Cx69%5Cx73%5Cx20%5Cx61%5Cx6E%5Cx20%5Cx58%5Cx53%5Cx53%5Cx20%5Cx56%5Cx75%5Cx6C%5Cx6E%5Cx65%5Cx72%5Cx61%5Cx62%5Cx69%5Cx6C%5Cx69%5Cx74%5Cx79%5Cx21%22%5D%3Balert(_0xaeb2%5B0%5D)%3B%3C%20%20%2Fscript%3E%0A
Now it looks fairly harmless. Kind of hard to make out what the hell you're trying to do! The final step would be to shorten the entire link with a service such as TinyURL.
Our final URL injection product would look like this:
CODE:
-------------------
http://tinyurl.com/23fkjdo
That ain't very suspicious now, is it?
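As an added example (not part of the original post), here is the defender's side of the trick in Python: the reflecting search.php template the post relies on beside an escaped version of it, plus a check that peels off the URL-encoding and \xNN layers before looking for the script tag. The URLs, the template and the function names are constructed for this example; the hex string is shortened to "This is an XSS" to keep the lines readable.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# Constructed inputs modelled on the post's URLs (tag spacing removed, hex string
# shortened to "This is an XSS").
PLAIN_URL = ("http://example.com/search.php?search="
             "\"><script>alert('This is an XSS Vulnerability!')</script>")
LAYERED_URL = ("http://example.com/search.php?search=%22%3E%3Cscript%3Evar%20_0xaeb2%3D%5B%22"
               "%5Cx54%5Cx68%5Cx69%5Cx73%5Cx20%5Cx69%5Cx73%5Cx20%5Cx61%5Cx6E%5Cx20"
               "%5Cx58%5Cx53%5Cx53%22%5D%3Balert(_0xaeb2%5B0%5D)%3B%3C%2Fscript%3E")
BENIGN_URL = "http://example.com/search.php?search=kittens+%26+puppies"


def search_param(url: str) -> str:
    """First decoding layer: the server URL-decodes the query string before using it."""
    return parse_qs(urlparse(url).query, keep_blank_values=True).get("search", [""])[0]


def render_vulnerable(search: str) -> str:
    """What the post's search.php does: reflects the raw value into an attribute, so a
    leading '">' closes the attribute and the tag, and everything after it is markup."""
    return f'<input type="text" name="search" value="{search}">'


def render_safe(search: str) -> str:
    """Same template with output encoding: <, >, &, " and ' become entities, so the
    value is displayed as text and can never break out of the attribute."""
    return f'<input type="text" name="search" value="{html.escape(search, quote=True)}">'


def unescape_js_hex(text: str) -> str:
    """Second decoding layer: turn JavaScript \\xNN string escapes back into characters."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def looks_like_script_injection(url: str) -> bool:
    """Detection that normalises both layers first: URL encoding and hex-escaped string
    literals change how the link looks, not what the browser ends up executing."""
    decoded = unescape_js_hex(search_param(url)).lower()
    return "<script" in decoded


if __name__ == "__main__":
    value = search_param(PLAIN_URL)
    print(render_vulnerable(value))   # <script> lands in the page as live markup
    print(render_safe(value))         # &lt;script&gt; is shown as harmless text
    print(unescape_js_hex(search_param(LAYERED_URL)))
    print(looks_like_script_injection(LAYERED_URL), looks_like_script_injection(BENIGN_URL))
```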
And that, my children, is how a basic XSS vulnerability gets to YOU.
--Cface
Links:
URL Encoder/Decoder
Javascript Obfuscator