Monday, 1 February 2016

What is XSS (Concept & Scope)

XSS and CSS are both abbreviations of cross-site scripting.
It is one of the most common application-level attacks. Unlike traditional two-party attacks, it involves three parties:

  1.  Attacker / Hacker
  2.  Vulnerable Site
  3.  Client / Victim

Let us call the site under attack "". For an XSS attack to execute there must be a script, and when this script executes it can read the client browser's cookies for that vulnerable site. Why is this allowed? It is allowed because the JavaScript security model allows a script arriving from a particular site to execute in that site's context. So the script will execute in the client's browser.

This kind of link will look like:

The victim will click the link, and the response would be a pop-up window showing the client's cookies to the client himself. Of course an attacker will redirect the output to himself and not to the client. For this the attacker may set up a web site and use a script there to receive the cookies. Instead of popping up the window, the attacker would write code that accesses a URL at his site.
The malicious link would look like: "the script for the cookies"

And in response the attacker would get all the cookies.
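The root cause described above is that the vulnerable site copies untrusted input into its page, so the browser treats the injected script as the site's own. The following is an added example, not code from the original post: a small Node.js script with a vulnerable page builder next to a hardened one that HTML-encodes the input before inserting it. The parameter name, the function names and the sample input are all constructed for illustration.

```javascript
// Added example (not from the original post): a minimal reflected-XSS
// demonstration. The page takes a "name" parameter and builds an HTML
// greeting. renderUnsafe() splices the raw value into the markup, so a
// value carrying a <script> tag becomes executable code in the visitor's
// browser for this site's origin. renderSafe() HTML-encodes the value
// first, so the browser displays the tag as text instead of running it.
// All names and the sample input are constructed for illustration.

// Encode the five characters that can change HTML structure or break
// out of an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[ch]);
}

// Vulnerable: untrusted input lands directly in the HTML body.
function renderUnsafe(name) {
  return `<html><body><h1>Hello, ${name}!</h1></body></html>`;
}

// Hardened: the same template, but the input is encoded for an HTML
// text context before it is inserted.
function renderSafe(name) {
  return `<html><body><h1>Hello, ${escapeHtml(name)}!</h1></body></html>`;
}

// Small check a unit test might apply: does the rendered document contain
// a script element that the template itself never had? (This is not a
// general XSS detector; it only covers this particular template.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: a name parameter that smuggles in a script tag.
const SAMPLE_INPUT = 'Alice<script>alert(1)</script>';

console.log('unsafe :', renderUnsafe(SAMPLE_INPUT));
console.log('safe   :', renderSafe(SAMPLE_INPUT));
console.log('unsafe contains script tag?', containsScriptTag(renderUnsafe(SAMPLE_INPUT)));
console.log('safe contains script tag?  ', containsScriptTag(renderSafe(SAMPLE_INPUT)));
```

The encoding is context-specific: `escapeHtml` is correct for HTML text and quoted attribute values, but input placed inside a script block, a URL or a CSS value needs the encoding for that context instead.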

Scope of an XSS attack

The attack can occur only at the victim's side, and it should be remembered that the same browser must be used for accessing the vulnerable site. The attacker needs to force the client to access the malicious link. This can happen in several ways:

  1. The attacker sends an email containing an HTML page that forces the browser to access the link. This requires that the victim use an HTML-enabled email client, and that the HTML viewer at the client is the same browser used for accessing
  2. The client visits a site, perhaps operated by the attacker, where a link to an image or otherwise active HTML forces the browser to access the link. Again, it is mandatory that the same browser be used for accessing this site and

The malicious JavaScript can access:

  1. Permanent cookies of the vulnerable site (maintained by the browser).
  2. RAM cookies of the vulnerable site (maintained by this instance of the browser, only when it is currently browsing the site).
  3. Names of other windows opened for the vulnerable site.
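The cookies in the list above are reachable because script on the page can read `document.cookie`; a cookie set with the `HttpOnly` attribute is withheld from that property, so the same injected script cannot harvest it. The following is an added example, not code from the original post: a Node.js audit that parses `Set-Cookie` headers and reports which cookies a script in the page could read. The header lines, cookie names and function names are constructed for illustration.

```javascript
// Added example (not from the original post): audit Set-Cookie headers
// for cookies that a script running in the page could read. The post's
// attack works because the injected script reads the site's cookies via
// document.cookie. A cookie flagged HttpOnly is never exposed there, so
// the same injection cannot harvest it. The header lines below are
// constructed samples; parseSetCookie() is a minimal parser for them.

// Parse one Set-Cookie header value into its name, value and attributes.
// Attribute names are lower-cased; valueless attributes map to true.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq >= 0 ? pair.slice(0, eq) : pair;
  const value = eq >= 0 ? pair.slice(eq + 1) : '';
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i >= 0 ? part.slice(0, i) : part).toLowerCase();
    attrs[key] = i >= 0 ? part.slice(i + 1) : true;
  }
  return { name, value, attrs };
}

// Classify each cookie: HttpOnly and Secure flags, and whether page
// script can read it (anything without HttpOnly).
function auditCookies(headers) {
  return headers.map(parseSetCookie).map((c) => ({
    name: c.name,
    httpOnly: c.attrs.httponly === true,
    secure: c.attrs.secure === true,
    scriptReadable: c.attrs.httponly !== true,
  }));
}

// Names of the cookies an injected script could read via document.cookie.
function exposedCookieNames(headers) {
  return auditCookies(headers)
    .filter((c) => c.scriptReadable)
    .map((c) => c.name);
}

// Constructed sample response headers for an imaginary vulnerable site.
const SAMPLE_SET_COOKIE_HEADERS = [
  'SESSIONID=abc123; Path=/; HttpOnly; Secure',
  'prefs=dark; Path=/',
  'csrftoken=t0k3n; Path=/; Secure',
];

console.log(auditCookies(SAMPLE_SET_COOKIE_HEADERS));
console.log('readable via document.cookie:', exposedCookieNames(SAMPLE_SET_COOKIE_HEADERS));
```

`HttpOnly` limits what a successful injection can steal; it does not stop the script from running or from making requests with the browser's cookies attached, so it complements output encoding rather than replacing it.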
