XSS Attack – Busting Browsers to Root!

    • #6629
      t0rh4cker
      Participant

      This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.

      1) We will use a cross-site scripting vulnerability as the initial attack vector
      2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
      3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
      4) Elevate our privileges to system-level

      QUIZ: There are at least 6 security controls that could prevent several steps in the video including vulnerabilities or user errors.  Can you spot them all? 

      FREEBIE: DVWA web server & IE8 browser security settings allow unencrypted XSS attack string to be sent during an SSL session.  “Submit non-encrypted form data- ENABLED”
      What else? ???

      http://vimeo.com/26751019

    • #41184
      MaXe
      Participant

      @t0rh4cker wrote:

      QUIZ: There are at least 6 security controls that could prevent several steps in the video including vulnerabilities or user errors.  Can you spot them all? 

      FREEBIE: DVWA web server & IE8 browser security settings allow unencrypted XSS attack string to be sent during an SSL session.  “Submit non-encrypted form data- ENABLED”
      What else? ???

      http://vimeo.com/26751019

      I didn’t watch the video yet, however now I’m just guessing the security controls, I get free cookies if I win right?  ;D

      Security Controls / Applications Preventing XSS:
      – NoScript (Browser Addon)
      – Anti-Virus System (Some detect and block XSS payloads)
      – HIPS (Host-based Intrusion Prevention System, similar to an Anti-Virus system somewhat.)
      – Patch Management (Staying updated and patched from known vulnerabilities.)
      – Other browsers with Sandboxes (e.g. Chrome), or sandboxing a browser.
      – Virtual Machines / Jailing (Using a browser in a virtual machine that is only used for that.)
      – Enforced Proxy (Filters malicious data, similar to an IPS system somewhat.)
      – SPI Firewall (Can detect and remove malicious data.)

      And so forth.. Just a few ideas I had  🙂

    • #41185
      t0rh4cker
      Participant

      ding! ding! ding! and Maxe the cyborg takes the lead!

      #2 – Patch Management (Staying updated and patched from known vulnerabilities.)

      Updating to the latest browser versions like IE8 has a built-in XSS filter.  It was disabled for the video.

      #3 – Enforced Proxy (Filters malicious data, similar to an IPS system somewhat.)
      Use the proxy to block outbound access to a known “Evil_IP” or Egress Filtering? So technically your proxy server answer should do the trick.
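
Added example, not part of the original posts or the video: a Python sketch of the proxy-side control discussed above, denying requests to a known "Evil_IP" and separately flagging a client that requests one destination at a fixed interval, as the 2-second redirect loop would. The log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed value: a documentation-range address stands in for the known "Evil_IP".
BLOCKLIST = {ipaddress.ip_address("203.0.113.66")}

# Constructed proxy log lines: "<ISO time> <client> <destination IP> <path>"
SAMPLE_LOG = """\
2020-01-01T10:00:00 10.0.0.5 198.51.100.7 /index.html
2020-01-01T10:00:01 10.0.0.5 203.0.113.66 /
2020-01-01T10:00:03 10.0.0.5 203.0.113.66 /
2020-01-01T10:00:05 10.0.0.5 203.0.113.66 /
2020-01-01T10:00:07 10.0.0.5 203.0.113.66 /
2020-01-01T10:00:09 10.0.0.8 198.51.100.7 /news
2020-01-01T10:00:40 10.0.0.8 198.51.100.7 /sport
"""

def parse(log_text):
    """Yield (time, client, destination, path); lines without 4 fields are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, dest, path = parts
        yield datetime.fromisoformat(ts), client, ipaddress.ip_address(dest), path

def egress_decisions(log_text):
    """Egress filter: DENY any request whose destination is on the blocklist."""
    return [(ts, client, str(dest), "DENY" if dest in BLOCKLIST else "ALLOW")
            for ts, client, dest, _ in parse(log_text)]

def periodic_clients(log_text, min_hits=4, jitter=0.5):
    """Flag (client, destination, interval) where requests repeat at a steady gap."""
    seen = defaultdict(list)
    for ts, client, dest, _ in parse(log_text):
        seen[(client, str(dest))].append(ts)
    alerts = []
    for (client, dest), times in seen.items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if all(abs(g - mean) <= jitter for g in gaps):
            alerts.append((client, dest, mean))
    return alerts

if __name__ == "__main__":
    print(egress_decisions(SAMPLE_LOG))
    print(periodic_clients(SAMPLE_LOG))
```

The interval check does not consult the blocklist, so it still flags the loop when the destination is not yet a known address.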

    • #41186
      MaXe
      Participant

      @t0rh4cker wrote:

      ding! ding! ding! and Maxe the cyborg takes the lead!

      #3 – Enforced Proxy (Filters malicious data, similar to an IPS system somewhat.)
      Use the proxy to block outbound access to a known “Evil_IP” or Egress Filtering? So technically your proxy server answer should do the trick.

      I laughed IRL, and yeah that’s what I meant about the proxy server too.  🙂

    • #41187
      jonas
      Participant

      Great Video! Thanks.


Copyright ©2020 Caendra, Inc.
