BLACK HAT

BLACK HAT
REMEMBER ME

Wednesday, 24 June 2015

XSS ATTACK!

Cross-Site Scripting (XSS) vulnerabilities are very often misunderstood and not given the due
concern and attention they deserve by vendors. XSS is the preferred acronym for “Cross-Site
Scripting” simply to minimize the

Read more
confusion with Cascading Style Sheets (CSS). Simply put, a
web application vulnerable to XSS allows a user to inadvertently send malicious data to him or
herself through that application.
Attackers often perform XSS exploitation by crafting malicious
URLs and tricking users into clicking on them. These links cause client side scripting languages
(VBScript, JavaScript, etc.) of the attacker’s choice to execute on the victim’s browser. XSS
vulnerabilities are caused by a failure in the web application to properly validate user input.
The following are a few actual XSS vulnerability exploits with embedded JavaScript
(highlighted) able to execute on the user’s browser with the same permissions of the vulnerable
website domain7:
• http://www.microsoft.com/education/?ID=MCTN&target=http://www.microsoft
.com/education/?ID=MCTN&target="><script>alert(document.cookie)</script
>
• http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=<script
>alert(‘Test’);</script>
• http://www.shopnbc.com/listing.asp?qu=<script>alert(document.cookie)</s
cript>&frompage=4&page=1&ct=VVTV&mh=0&sh=0&RN=1
• http://www.oracle.co.jp/mts_sem_owa/MTS_SEM/im_search_exe?search_text=%
22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E.

The most common web components that fall victim to XSS vulnerabilities include CGI scripts,
search engines, interactive bulletin boards, and custom error pages with poorly written input
validation routines. Additionally, a victim doesn’t necessarily have to click on a link; XSS code
can also be made to load automatically in an HTML e-mail with certain manipulations of the
IMG or IFRAME HTML tags (much like the Badtrans worm). There are numerous ways to
inject JavaScript code into URLs for the purpose of a XSS attack10.
The “Cross-Site” part of XSS refers to the security restrictions that a web browser usually places
on data (i.e. cookies, dynamic HTML page attributes, etc.) associated with a dynamic website.
By causing the user’s browser to execute rogue script snippets under the same permissions of the
web application domain, an attacker can bypass the traditional Document Object Model (DOM)
security restrictions which can result not only in cookie theft but account hijacking, changing of
web application account settings, spreading of a webmail worm, etc11. The DOM12 is a
conceptual framework for allowing scripts to make changes to dynamic web content and
10 a sampling of XSS examples taken from http://online.securityfocus.com/archive/1/272037/2002-05-
09/2002-05-15/0:
<a href="javas&#99;ript&#35;[code]">
<div onmouseover="[code]">
<img src="javascript:[code]">
<img dynsrc="javascript:[code]">
<input type="image" dynsrc="javascript:[code]">
<bgsound src="javascript:[code]">
&<script>[code]</script>
&{[code]};
<img src=&{[code]};>
<link rel="stylesheet" href="javascript:[code]">
<iframe src="vbscript:[code]">
<img src="mocha:[code]">
<img src="livescript:[code]">
<a href="about:<s&#99;ript>[code]</script>">
<meta http-equiv="refresh" content="0;url=javascript:[code]">
<body onload="[code]">
<div style="background-image: url(javascript:[code]);">
<div style="behaviour: url([link to code]);">
<div style="binding: url([link to code]);">
<div style="width: expression([code]);">
<style type="text/javascript">[code]</style>
<object classid="clsid:..." codebase="javascript:[code]">
<style><!--</style><script>[code]//--></script>
<![CDATA[<!--]]><script>[code]//--></script>
<!-- -- --><script>[code]</script><!-- -- -->
<<script>[code]</script>
<img src="blah"onmouseover="[code]">
<img src="blah>" onmouseover="[code]">
<xml src="javascript:[code]">
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div>
[\xC0][\xBC]script>[code][\xC0][\xBC]/script>
11 see http://www.cgisecurity.com/articles/xss-faq.shtml
12 http://www.w3.org/DOM
 iDEFENSE Inc. iALERT White Paper – PUBLIC RELEASE VERSION
normally is implemented using the web browser’s security settings, to prevent such things as
malicious websites from retrieving cookies values from other domains.
As mentioned previously, cookie stealing is only one of the many implications of XSS attacks.
By subverting client side scripting languages, an attacker can take full control over the victim’s
browser. This also has more insidious ramifications against users of a web application domain if
the attacker chooses to exploit a vulnerability in the browser in order to gain access to the
underlying operating system.

2 comments:

  1. He is no scam,i tested him and he delivered a good job,he helped me settle bank loans,he also helped my son upgrade his scores at high school final year which made him graduate successfully and he gave my son free scholarship into the college,all i had to do was to settle the bills for the tools on the job,i used $500 to get a job of over $50000 done all thanks to Walt,he saved me from all my troubles,sharing this is how i can show gratitude in return for all he has done for me and my family

    Gmail; Brillianthackers800@gmail.com
    Whatsapp number; +1(224)2140835

    ReplyDelete
  2. SSN FULLZ AVAILABLE

    Fresh & valid spammed USA SSN+Dob Leads with DL available in bulk & high credit 700+

    >>1$ each SSN+DOB
    >>3$ each with SSN+DOB+DL
    >>5$ each for premium fullz (700+ credit score with replacement guarantee)

    Prices are negotiable in bulk order
    Serious buyer contact me no time wasters please
    Bulk order will be preferable

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    OTHER STUFF YOU CAN GET

    SSN+DOB Fullz
    CC's with CVV's (vbv & non-vbv)
    USA Photo ID'S (Front & back)

    All type of Tools & Tutorials available
    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    SQL Injector
    Premium Accounts (Netflix, Pornhub, etc)
    Paypal Logins
    Bitcoin Cracker
    SMTP Linux Root
    DUMPS with pins track 1 and 2
    WU & Bank transfers
    Socks, rdp's, vpn
    Php mailer
    Server I.P's
    HQ Emails with passwords
    All types of tools & tutorials.. & much more

    Looking for long term business
    For trust full vendor, feel free to contact

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    ReplyDelete