Saturday, March 6, 2010

Cross-site scripting vulnerabilities are an issue for modern browsers, and they are starting to cope


Wikipedia explains cross-site scripting (XSS) vulnerabilities:
Attackers intending to exploit cross-site scripting vulnerabilities must approach each class of vulnerability differently. For each class, a specific attack vector is described here. The names below are technical terms, taken from the cast of characters commonly used in computer security.
Non-persistent:
  1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and store sensitive information, such as billing information.
  2. Mallory observes that Bob's website contains a reflected XSS vulnerability.
  3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, enticing her to click on a link for the URL under false pretenses. This URL will point to Bob's website, but will contain Mallory's malicious code, which the website will reflect.
  4. Alice visits the URL provided by Mallory while logged into Bob's website.
  5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server (this is the actual XSS vulnerability). The script can be used to send Alice's session cookie to Mallory. Mallory can then use the session cookie to steal sensitive information available to Alice (authentication credentials, billing info, etc) without Alice's knowledge.
Persistent attack:
  1. Mallory posts a message with malicious payload to a social network.
  2. When Bob reads the message, Mallory's XSS steals Bob's cookie.
  3. Mallory can now hijack Bob's session and impersonate Bob.
Framework:
A Browser Exploitation Framework could be used to attack the web site and the user's local environment.
XSS protections are available in new browsers, sometimes as options. They can cost you performance, but you gain security. It is your choice.
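
The reflected case from the non-persistent scenario above, seen from the server side, as an added example (not from the original post or from Wikipedia): a page that echoes a query parameter unchanged, next to a version that encodes it, plus a session cookie marked HttpOnly so that a script in the page cannot read it. The host `bob.example`, the `q` parameter and all function names are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not taken from a real site.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for placement in HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the search term the way a server would, after URL decoding.
function queryFromUrl(url) {
  return new URL(url).searchParams.get('q') ?? '';
}

// Vulnerable: the parameter is reflected into the page unchanged,
// so markup in the URL becomes markup in Bob's response.
function renderSearchPageVulnerable(url) {
  return `<p>Results for: ${queryFromUrl(url)}</p>`;
}

// Hardened: the same page with the parameter encoded for its HTML context,
// so the browser displays it as text instead of parsing it.
function renderSearchPageHardened(url) {
  return `<p>Results for: ${escapeHtml(queryFromUrl(url))}</p>`;
}

// Defence in depth for the cookie-theft step: HttpOnly hides the cookie from
// document.cookie, Secure restricts it to HTTPS.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; Path=/`;
}

// Simple regression check a test suite can run against rendered output.
function reflectsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample link with a harmless marker script in the parameter.
const SAMPLE_URL = 'https://bob.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';

console.log(renderSearchPageVulnerable(SAMPLE_URL));
console.log(renderSearchPageHardened(SAMPLE_URL));
console.log(sessionCookieHeader('abc123'));
```

Output encoding on the server is what removes the vulnerability; the cookie flags and the browser-side protections only limit what a script can do if one still gets through.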

