
Understanding XSS Attacks ...

Discussion in 'Security' started by pepe_lepew1962, Jan 25, 2012.

  1. #1
    Hello:

    I am really trying to understand XSS attacks and can't seem to wrap my head around them. I would rather seem like a fool than program like one with holes in it. My problem is understanding how an attack occurs. Let's say Mary logs into the system and creates a record in the table via an HTML form. I have PHP filters and validation for the data before it actually goes into the MySQL table. My question is: how does John attack my website? Or, more importantly, how does he actually change files? If he were to have a login and gain access, because it doesn't take much to register, how? Is it a matter of the filter being bad and his XSS script being in a record, and when someone opens/views that record (field) the script is launched? I have read lots on how the JavaScript, for example, is placed in the URL or form fields, but nothing explains whether the information is saved and launched via the record stored in the database.

    pepe_lepew1962, Jan 25, 2012 IP
  2. HostingLynx

    #2
    There are two types of XSS attacks:
    Stored (Persistent) and Reflective.

    Persistent XSS attacks seem to be what you're concerned about most. Persistent Cross Site Scripting (XSS) means that the XSS code is somehow saved into either the actual source code or a database. Here is an example.

    Mary owns an art website, and on one of her art pieces there is a little comment form on the page, and that page also displays comments that people have posted about that art. Now when someone submits a comment it stores their comment in a database, MySQL for example. Now every time someone loads that art page the comments load along with it.
    Now hacker John finds that comment system and decides to inject his XSS code:
    <script>alert('hackerjohnwuzhere')</script>
    Now when he clicks submit, if the processing script does not filter those tags, that string will be stored in the MySQL database as he submitted it.
    Then when someone loads the art page, all the comments are loaded along with hacker John's comment. Since those are HTML tags and no filters were put in place, the loading page reads that as if the code was supposed to be there and presents a popup saying "hackerjohnwuzhere".
    For that type of attack to be prevented you would need to have the filters put in the code that processes the data before it goes into the database.


    I have lots of experience with web exploitation, so if you need someone to pentest your site shoot me a PM or email me.

    Here are some extra documents to explain things better than I could:
    owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
    securitytube.net/video/459

    HostingLynx, Feb 6, 2012 IP
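The comment-page scenario above, written out in PHP as an added example (not code from this thread): the vulnerable renderer that drops stored comments straight into the page, beside a hardened one that escapes at output time. A plain array stands in for the MySQL comments table; the comment rows are constructed sample data, and `e()` is a helper name chosen here.

```php
<?php
// Constructed sample data standing in for rows read from the MySQL comments
// table: two ordinary comments plus the string from the post above.
$comments = [
    ['author' => 'Mary',  'body' => 'Love the colours in this piece!'],
    ['author' => 'Alice', 'body' => 'Is this for sale?'],
    ['author' => 'john',  'body' => "<script>alert('hackerjohnwuzhere')</script>"],
];

// VULNERABLE: stored text is interpolated directly into the HTML, so the
// browser treats john's tags as part of the page, exactly as the post describes.
function render_comments_vulnerable(array $comments): string {
    $html = '';
    foreach ($comments as $c) {
        $html .= "<p><b>{$c['author']}</b>: {$c['body']}</p>\n";
    }
    return $html;
}

// HARDENED: escape every value at output time, for the HTML context it lands in.
// ENT_QUOTES also encodes single quotes, so the same helper is safe inside
// attribute values; ENT_SUBSTITUTE keeps malformed UTF-8 from emptying the string.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comments_safe(array $comments): string {
    $html = '';
    foreach ($comments as $c) {
        $html .= '<p><b>' . e($c['author']) . '</b>: ' . e($c['body']) . "</p>\n";
    }
    return $html;
}

// Filtering input on its way into the database is still worthwhile, but it is not
// a substitute: any value that reaches the page unescaped is the problem, whichever
// route it took into the table, so escape on output regardless of where the data came from.
// Rendering both versions side by side lets you compare the raw and escaped markup.
echo render_comments_vulnerable($comments);
echo render_comments_safe($comments);
```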
  3. BigTim3

    #3
    XSS is more client-side based. There's a good article on how they can become very dangerous and spread like a virus.

    BigTim3, Feb 17, 2012 IP