~ Aditya Kamat
BMS College of Engineering
WEB HACKING SERIES PART-4
TOPICS COVERED SO FAR:
• Basics of the web and a little about networks.
• HTML injection.
• SQL injection to bypass authentication.
• Buffer overflow attack.
• Bypassing authentication via authentication token manipulation.
• Session hijacking.
• Brute forcing login pages using Burp.
• HTTP parameter pollution.
• SQL injection.
WHAT WILL BE COVERED TODAY:
• Cross Site Scripting (XSS).
• Its prevention and the common mistakes made by developers.
BASICS OF JAVASCRIPT:
• A programming language commonly used to make web pages interactive inside the browser.
• Inline code is placed between <script> tags; it can also be loaded from a separate file with <script src="...">.
• Because it runs on the client, anyone can view the code (it is also used on the server side, e.g. with Node.js).
• It is dynamically typed: the type of a variable is not declared in the code.
• alert() displays a pop-up message in the browser. It is the standard XSS proof of concept: if the pop-up appears, arbitrary script ran in the victim's page.
XSS PREREQUISITES:
• The user's session is identified by one or more cookies stored in the browser, which the browser attaches to every request to that site. This lets the user keep using the account without re-entering credentials.
• An attacker who obtains these cookies and uses them to act as the user is performing session hijacking.
• document.cookie is a property (not a method) in JavaScript that returns the cookies of the current page that script is allowed to read. Cookies set with the HttpOnly flag are excluded, so a session cookie marked HttpOnly cannot be read this way (injected script can still send requests as the user, though).
HERE IS A PEEK OF MY FACEBOOK COOKIES: (screenshot slide, not reproduced)
WHAT IS XSS?
• A vulnerability that lets an attacker inject client-side script into web pages viewed by other users, so the script runs in the victim's browser with the victim's session and the site's origin.
• It is among the most commonly reported web vulnerabilities; one widely quoted (and now dated) figure put XSS at roughly 84% of all reported security vulnerabilities.
TYPES OF XSS:
• Reflected: the payload is sent in the request (URL parameter, form field) and the server echoes it straight back in that response. The victim has to be made to send the request, typically by clicking a crafted link.
• Stored: the server saves the payload (comment, profile field, message) and includes it in pages served later, to this user or to others. No crafted link is needed; every visitor to the affected page is hit.
• DOM-based: the server does not echo the payload at all. Client-side JavaScript on the page reads it from a source such as location.hash or location.search and writes it into a dangerous sink (document.write, innerHTML, eval), so the injection happens when the browser runs the page's own script. A fragment (#...) is never sent to the server, so a server-side filter or log never sees it.
POSSIBLE EXPLOITS FOR XSS:
• Injecting fake login forms (phishing inside a page the user trusts).
• Stealing the user's cookies (those without HttpOnly) or performing actions as the user.
• Delivering browser exploits.
• Running an arbitrary piece of code in the user's browser, in the context of the site.
EXAMPLE 1:
• This is just to get you started with XSS: the input is reflected into the page with no filtering or encoding.
• Payload: <script>alert("xss")</script>
• This should give a pop-up with "xss" on it.
EXAMPLE 2:
• A regex filter removes the literal string <script> from the input.
• The match is case-sensitive, but HTML tag names are not, so changing the case of the tag bypasses it.
• Payload: <sCRipt>alert(1)</sCRipt>
EXAMPLE 3:
• The filter now removes <script> and </script> regardless of case, so the previous payload no longer works.
• It runs only once, though. Nesting the tag inside itself leaves a valid tag behind after the inner copy is stripped: <scr<script>ipt> becomes <script>. A filter that removes strings has to repeat until nothing changes, and even then it is fragile.
• Payload: <scr<script>ipt>alert(1)</scr</script>ipt>
EXAMPLE 4:
• The developer has blacklisted the word "script": if it appears anywhere in the input, the page refuses to render (execution stops).
• No script tag is needed. Any element with an event handler attribute works; here an <img> with a src that cannot load, whose onerror handler fires when the load fails.
• Payload: <img src='zzz' onerror=alert(1) />
EXAMPLE 5:
• Now alert is blacklisted.
• Other functions that give a visible result, confirm() and prompt(), are not.
• More generally the blocked name can be hidden from the filter and rebuilt at run time, e.g. with eval() and String.fromCharCode(): the filter sees only character codes.
• Payload: <script>confirm(1)</script>
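To see why the filters in Examples 2 to 5 fail and what actually works, here is an added example (not from the slides or from PentesterLab; the regexes are my reconstruction of the behaviour the slides describe, not the exercise's PHP source) in Node.js. It re-implements each blacklist, feeds it the bypass payload from the slide, and then applies HTML entity encoding equivalent to PHP's htmlspecialchars($s, ENT_QUOTES, 'UTF-8') to the same payloads. The looksExecutable() check is a regex approximation of what a browser would do with the resulting markup, not a browser.

```javascript
// Added example: blacklist filters from Examples 2-5, reconstructed as regexes
// (my approximation of the behaviour the slides describe, not PentesterLab's
// code), versus HTML entity encoding of the whole value.

// Each filter returns the string the page would write into its HTML.
// Filters that "stop execution" return null, meaning the page refused the input.
const filters = {
  // Example 2: strips the literal, lower-case "<script>" only.
  caseSensitive: s => s.replace(/<script>/g, ''),
  // Example 3: strips <script> and </script> in any case, but in a single pass.
  caseInsensitive: s => s.replace(/<\/?script>/gi, ''),
  // Example 4: refuses any input containing the word "script".
  noScriptWord: s => (/script/i.test(s) ? null : s),
  // Example 5: refuses any input containing "alert".
  noAlert: s => (/alert/i.test(s) ? null : s),
};

// The bypass for each filter. The last one rebuilds the blocked name at run
// time: the character codes spell "alert(1)", so the filter never sees it.
const bypasses = {
  caseSensitive: '<sCRipt>alert(1)</sCRipt>',
  caseInsensitive: '<scr<script>ipt>alert(1)</scr</script>ipt>',
  noScriptWord: "<img src='zzz' onerror=alert(1) />",
  noAlert: '<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41))</script>',
};

// Heuristic stand-in for a browser: markup that still contains a script
// element or an on* event-handler attribute inside a tag will run script.
function looksExecutable(html) {
  return html !== null && /<script\b|<\w+[^>]*\son\w+\s*=/i.test(html);
}

// Equivalent of PHP htmlspecialchars($s, ENT_QUOTES): every character that can
// open or close markup becomes an entity, so the browser shows it as text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Runs every bypass through its filter and through encoding; returns a report
// keyed by filter name.
function evaluate() {
  const report = {};
  for (const [name, filter] of Object.entries(filters)) {
    const payload = bypasses[name];
    const filtered = filter(payload);
    const encoded = escapeHtml(payload);
    report[name] = {
      filtered,                                   // what the blacklist lets through
      filterBypassed: looksExecutable(filtered),  // true: the filter failed
      encoded,                                    // what encoding produces instead
      encodedBypassed: looksExecutable(encoded),  // false: nothing is markup any more
    };
  }
  return report;
}

module.exports = { filters, bypasses, looksExecutable, escapeHtml, evaluate };
```

Running evaluate() shows every blacklist bypassed and every encoded value inert: encoding does not try to guess what is dangerous, it makes the whole value text. Note the ENT_QUOTES part: PHP's htmlspecialchars() left the single quote alone by default before PHP 8.1, which is exactly the gap Example 7 exploits.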
EXAMPLE 6:
• Viewing the HTML source, we see that the input is reflected inside a JavaScript string literal in an inline script, not into the HTML body.
• We have to close that string and statement and then insert our own alert(): the double quote ends the string, the semicolon ends the statement, and // comments out the rest of the original line so the script still parses.
• Payload: ";alert(1)//
EXAMPLE 7:
• htmlspecialchars() is now applied before the value is reflected, so <, >, & and " become entities.
• With PHP's historical default flags (ENT_COMPAT, the default before PHP 8.1) the single quote is left alone, and here the value sits inside a single-quoted JavaScript string, so ' still closes it.
• Payload: ';alert(1)//
• The slide's fix is to pass the ENT_QUOTES flag so that ' is encoded as well. That stops the breakout, but a browser does not decode entities inside a <script> block, so a legitimate apostrophe now reaches the script as the literal text &#039;. HTML encoding is the wrong tool for a JavaScript string context; the value should be JavaScript-escaped instead, e.g. with json_encode() and the JSON_HEX_TAG, JSON_HEX_APOS, JSON_HEX_QUOT and JSON_HEX_AMP flags.
EXAMPLE 8:
• Here the echoed parameter value is encoded correctly.
• The developer however trusts the request path: the form's action attribute is built from $_SERVER['PHP_SELF'] without encoding. PHP_SELF includes any extra path appended after the script name (PATH_INFO), which the attacker controls.
• So the payload goes into the URL path rather than a parameter: the " closes the action attribute, > closes the tag, and the script follows.
• Payload: /"><script>alert(1)</script>
• Fix: encode PHP_SELF like any other untrusted value, or use $_SERVER['SCRIPT_NAME'] (which excludes PATH_INFO), or simply action="" to submit to the current URL.
EXAMPLE 9:
• This is a demonstration of DOM-based XSS.
• It is a completely static page: the server reflects nothing.
• The page's own JavaScript reads the portion of the URL after the # symbol (location.hash) and writes it into the document.
• The fragment is never sent to the server, so no server-side filter or log sees it.
• Payload (appended after # in the URL): <script>alert(1)</script>
• Whether this fires depends on the sink. document.write() parses the fragment as markup and runs the script; a <script> element inserted through innerHTML is not executed, so there an event-handler payload such as the <img onerror> from Example 4 is needed instead.
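The source-to-sink flow behind Example 9, as an added example that is not part of the slides or of PentesterLab: the slide only says the page reads what follows # in the URL, so the page code, the URL used and the sinks (document.write and innerHTML for the vulnerable page, textContent for the fix) are my assumptions. A stand-in element records what would be assigned so the functions run under Node; in a browser the same functions would be given a real element and location.href.

```javascript
// Added example (not from the slides or PentesterLab): DOM-based XSS as a
// source (the URL fragment) flowing into a sink. Page code, URL and sinks are
// assumed. The element stand-in only records assignments so this runs in Node.

// Source: the fragment. Browsers never send it to the server, so no server-side
// filter or access log ever sees the payload.
function fragmentOf(url) {
  const i = url.indexOf('#');
  if (i < 0) return '';
  const raw = url.slice(i + 1);
  try { return decodeURIComponent(raw); } catch (e) { return raw; }
}

// Minimal element stand-in: innerHTML is parsed as markup, textContent is not.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable page (assumed): the fragment goes into the document as markup.
function renderVulnerable(url, el) {
  el.innerHTML = 'Welcome ' + fragmentOf(url);
  return el;
}

// Hardened page: the fragment goes in as text, so the browser never parses it.
function renderSafe(url, el) {
  el.textContent = 'Welcome ' + fragmentOf(url);
  return el;
}

// Regex approximation of what each sink does with markup. document.write()
// parses it and runs both <script> elements and on* handlers; innerHTML parses
// it and fires on* handlers but does not execute <script> elements (the HTML
// spec forbids that); textContent parses nothing at all.
function wouldExecute(markup, sink) {
  const scriptTag = /<script\b/i.test(markup);
  const handler = /<\w+[^>]*\son\w+\s*=/i.test(markup);
  if (sink === 'document.write') return scriptTag || handler;
  if (sink === 'innerHTML') return handler;
  return false;
}

// The slide's payload and an event-handler payload through each sink.
function demo() {
  const base = 'https://example.test/example9.html#';     // assumed URL
  const scriptPayload = '<script>alert(1)</script>';        // the slide's payload
  const handlerPayload = '<img src=x onerror=alert(1)>';    // Example 4 style
  return {
    scriptViaDocumentWrite: wouldExecute(fragmentOf(base + scriptPayload), 'document.write'),
    scriptViaInnerHTML: wouldExecute(renderVulnerable(base + scriptPayload, makeElement()).innerHTML, 'innerHTML'),
    handlerViaInnerHTML: wouldExecute(renderVulnerable(base + handlerPayload, makeElement()).innerHTML, 'innerHTML'),
    handlerViaTextContent: wouldExecute(renderSafe(base + handlerPayload, makeElement()).textContent, 'textContent'),
  };
}

module.exports = { fragmentOf, makeElement, renderVulnerable, renderSafe, wouldExecute, demo };
```

demo() shows the slide's <script> payload working through document.write() but not through innerHTML, the <img onerror> payload working through innerHTML, and nothing working once the page assigns textContent. The fix for DOM XSS is the same principle as on the server: treat the source as data and use a sink that does not parse it.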
PREVENTION:
• Take care of every place where user-controlled data is written back into a page, including data that never reaches the server (Example 9).
• Encode on output according to the context the data lands in (HTML body, HTML attribute, JavaScript string, URL), rather than trying to blacklist bad input: Examples 2 to 5 show how blacklists are bypassed, and Example 7 shows what happens when the encoding does not match the context.
• Set session cookies with the HttpOnly flag so document.cookie cannot read them, and use a Content-Security-Policy header to limit what injected script can do.
• A lot of prevention techniques are present here: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
REFERENCES:
• Thanks to PentesterLab for the ISO and the tutorials. Link: www.pentesterlab.com/exercises/web_for_pentester
• List of different payloads: http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html
THANK YOU!
