Reply to comment
My site under XSS attack
Submitted by Arancaytar on Fri, 08/17/2007 - 21:36 – No commentsSo I was sifting through my logs and found a well-executed, actual XSS attack on one of my pages in the Ermarian Network.
As XSS attacks go, it was fairly harmless: The attacker injected an HTML link that was displayed after the form field; the HTML link did not go anywhere. Really a proof of concept, and an (intentional?) heads up that I should secure my site better.
The code of this textbook exploit, shown below, shows that even a perfectly valid XHTML page is not proof against such attacks - the attacker merely has to ensure that XML validity is maintained (and even that only in Firefox).
For those unfamiliar with XSS: This is not a danger to the site or my account, but to its users. Anyone who follows this link lying on a (trustworthy) ermarian.net domain will see links to the attacker's website, or execute the attacker's Javascript code, which even NoScript will show as coming from the (trustworthy) ermarian.net website.
Note the text entered by the user:
x"></input><a href="rolf">LOL</a>
The quote "closes" the value, then the code completes and closes the tag, then it prints a link. Very neat. The same function could be used to arbitrarily execute Javascript into the ermarian.net scope, which would allow that script to access any (non-existant) sensitive information such as login sessions.
Be right back, fixing my scripts to escape user input.
- Arancaytar's blog
- 536 reads
Reply
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| -3 | -2 | -1 | 0 | 1 | 2 | 3 |
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
Recent comments
-
Alternatives
-
No, it's just the amount of
-
Not bad
-
Possible solution
-
I agree
more
