XSS and XSRF

XSS – Cross site Scripting:

Bypass browser security via executing a script (external) in the context of vulnerable web application.

Reflective – Click the Malicious Link àExploit success (script executed)
Persistent –

  • Hacker uploads the script on a vulnerable application and stored on the server (Eg: vulnerable Message boards, comment section etc).
  • Another unfortunate user visits the pages and gets exploited.

 

Just recently Youtube was exploited with XSS Attack due to vulnerable comment section for the videos. In Response, youtube has hidden the comments until it was patched.

 

XSS Cheetsheet – View

Remedy: User Input Sanitization

XSRF – Cross site Request Forgery:

Exploits the applications trust on the user (user’s browser)

Scenario

  • User opens banking site with his credentials [ Session Opened ]
  • User loads malicious website in another tab, which sends out a request to the bank to transfer the money to hackers account (or a moneymule) in the background (sending a POST or GET req with required parameters set).
  • Banking server executes the transaction due to existing trusted session.

 

Remediation:

Introduce randomness for a transaction, i.e., some random token for each transaction/request that break predictable request.

 

How about an XSS Attack that captures required information (randomness) and necessary parameter values that fire XSRF Attack?

Advertisements

About Uma Mahesh

A Creator/Equilizer. Creator/Equalizers are catalysts for positive, well-organized change. They never settle for the status quo. Instead, they see the opportunity for innovation in the processes that others have long taken for granted. They respect what's already operating, but they can't help but want to improve upon it. Their special combination provides innovation tempered with profound logic. They have incredible discernment. Should their efforts fail, they are unhesitating in accepting responsibility. They don't wallow in self-pity but rather see these missed attempts as critical steps on the path to success.
This entry was posted in security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s