Cross Site Scripting Vulnerability With An Example


Cross Site Scripting (XSS) is a vulnerability typically found in web applications that allows code to be injected into web pages viewed by other users. Most of the time the injected code is client-side script. There are many ways in which XSS vulnerabilities are exploited. Here is one such way.
  1. Mallik sends XYZ a URL (via email or another mechanism) of a maliciously constructed web page.
  2. XYZ clicks on the link.
  3. The malicious web page's javascript opens a vulnerable HTML page in XYZ's browser.
  4. The vulnerable HTML page contains javascript which executes in XYZ's browser's local zone.
  5. Mallik's malicious script may now run commands with the privileges XYZ holds in her own browser.
Most of the time these scripts simply steal the user's cookie. Let's try this out on the Ibibo website. Here, instead of writing javascript which posts the user's cookie to some server, I am simply embedding javascript code which displays the user's cookie details.
  1. Mallik sends the URL http://www.ibibo.com/search.aspx?q=%22%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22 to XYZ.
  2. When XYZ clicks on this link the javascript gets executed, and if the user is logged into Ibibo at that moment, all the cookie details will be shown (Ibibo is saving the password as well, in plain text, which is more dangerous if the cookie gets stolen).
Basically the above link injects "<script>alert(document.cookie)</script>" into the HTML page. Attached is a screenshot of what happens when the user clicks the above link. In the image, mp="" is blanked out because that is my Ibibo password :). Get your web applications certified as free of XSS vulnerabilities; contact us at mallik_y2k2
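As an added example (not code from the original post or from Ibibo), the following shows the standard fix for a reflected XSS of the kind above: the search parameter is HTML-encoded before it is written back into the page, and a simple test check confirms the unencoded <script> tag no longer reaches the output. The host name, function names and the check itself are assumptions made for this illustration.

```javascript
// Added example: encode a reflected query parameter for an HTML text context.
// Function names and the example.test host are assumed, not Ibibo's code.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that matter in an HTML text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable pattern: the raw query value is reflected verbatim into the page.
function renderSearchHeaderUnsafe(q) {
  return `<h2>Results for "${q}"</h2>`;
}

// Hardened pattern: same markup, but the value is encoded before reflection.
function renderSearchHeaderSafe(q) {
  return `<h2>Results for "${escapeHtml(q)}"</h2>`;
}

// Read the `q` parameter the way a server would (percent-decoding applied).
function queryParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Regression check for a test suite: does a live <script> tag survive rendering?
function reflectsRawScript(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample: the payload shape from the post, against a placeholder host.
const SAMPLE_URL =
  'https://example.test/search.aspx?q=%22%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22';

const sampleQuery = queryParam(SAMPLE_URL, 'q');
console.log(reflectsRawScript(renderSearchHeaderUnsafe(sampleQuery))); // true
console.log(reflectsRawScript(renderSearchHeaderSafe(sampleQuery)));   // false
```

The unsafe renderer lets the decoded tag through unchanged, while the encoded output renders the payload as visible text and the browser never executes it.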
