Friday, March 2, 2018

Web application Cross Site Scripting (XSS)


Even though cross-site scripting is usually considered a client- or user-based attack, we treat it in a dedicated part because of its importance and the variety of exploitation scenarios. We can differentiate three main categories of XSS attacks:

  • Echo or reflected attack: in this category the attack depends on the existence of a page meant to be a convenience, which becomes a vulnerability because it reflects the entered information, fully or partially, as is.
  • Stored script attack: this category covers attacks in which the attacker is able to store content on the server side, without it being sanitized, that will be available to other users.
  • Document Object Model (DOM) attack: the attacker in this category depends on updating the Document Object Model of the document to cause a change on the page, not on the reflection of information through the server.

  Echo or reflection based XSS


Attack requirement:

A. The user accesses a site containing a vulnerable echo page.
B. No sanitization is applied to the reflected input passed to that page.

Attack process:

A. The attacker creates a link to the trusted site containing the vulnerable echo page, passing the JavaScript as a parameter.
B. The server sends the response containing the inserted script.
C. The client executes the JavaScript, which may display a special message, forward the request to a phishing site, or simply send back session information that helps the attacker initiate a session hijacking.

Example:
A. The attacker creates an email containing a link as follows:

<a href="http://theTrustedVulnerableSite.com/echoPage.php?message=">Visit page</a>

B. The echo page will generate the page containing the script; the script will be executed and show the alert. In a real-life example, the payload can be a script that automatically sends session cookie information to the attacker.
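The echo page from the example above, shown in its vulnerable form beside a hardened one. This is an added example, not code from the original post: the function names, the page markup and the harmless alert payload are assumptions made for illustration.

```php
<?php
// Added example: echoPage.php from the post, modelled as two render functions.
// Function names, markup and the sample payload are assumptions.

// Vulnerable: the message parameter is reflected into the HTML as is.
function render_echo_vulnerable(string $message): string
{
    return "<html><body><p>You said: " . $message . "</p></body></html>";
}

// Hardened: the value is HTML-encoded for the element-content context, so
// <, >, &, " and ' reach the browser as text instead of markup.
function render_echo_hardened(string $message): string
{
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<html><body><p>You said: " . $safe . "</p></body></html>";
}

// Extract the message parameter the way PHP fills $_GET from the query string.
function message_from_url(string $url): string
{
    $query = (string) parse_url($url, PHP_URL_QUERY);
    parse_str($query, $params);
    // Ignore array input such as message[]=x instead of echoing "Array".
    return (isset($params['message']) && is_string($params['message']))
        ? $params['message'] : '';
}

// Constructed link of the kind described in the post.
$link = 'http://theTrustedVulnerableSite.com/echoPage.php?message='
      . rawurlencode("<script>alert('XSS')</script>");

$message = message_from_url($link);

foreach (['vulnerable' => 'render_echo_vulnerable',
          'hardened'   => 'render_echo_hardened'] as $label => $render) {
    $html = $render($message);
    // A live <script> tag in the response means the browser would execute it.
    $reflected = stripos($html, '<script') !== false ? 'yes' : 'no';
    printf("%-10s script tag reflected: %s\n%s\n\n", $label, $reflected, $html);
}
```

Run from the command line with `php`, the vulnerable renderer returns the script tag intact, while the hardened one returns it as `&lt;script&gt;...`, which the browser displays as text.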





