Cross Site Scripting

Cross-site scripting (XSS) is a client-side code injection attack. Using this technique, an attacker can get malicious scripts executed within a legitimate website or web application. The server has a vulnerability that allows an attacker to send malicious code to the user. The browser has no way to tell that a script on the website was injected, so it cannot judge whether the script should be trusted. The browser executes the script, allowing the attacker to access any cookie or session token retained by the browser.

An attacker can use an XSS attack to send a malicious script to the end user. The end user does not know whether the source of the script is legitimate, and the script is executed anyway. As a result, the attacker can access any cookies, session tokens, or other sensitive information retained by the browser, and will use this information to intensify the attack. These scripts can make any changes in the application; in the worst case, the attack can change the content of the HTML page.

Type of Cross-site Scripting (XSS)

Example

The code below is vulnerable to cross-site scripting.

        print "<html>"
        print "<h1>Most recent comment</h1>"
        print database.latestComment
        print "</html>"

    

Consider the error page below, which is displayed for a 404 Not Found error. It handles the request using PHP.

        <html>
        <body>
        
        <?php
        // Vulnerable: the decoded request URI is echoed without HTML encoding.
        print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);
        ?>
        
        </body>
        </html>

    

The attacker first requests a URL that does not exist.

        https://www.example.beaglesecurity.com/file_which_not_exist

    

The following result is the usual output for these requests.

Not found: /file_which_not_exist

The attacker then requests the URL below to carry out the attack.

        https://www.example.beaglesecurity.com/<script>alert("TEST");</script>

    

An XSS vulnerable site will give the below output for the above URL input.

        Not found: / (but with JavaScript code <script>alert("TEST");</script>)

    

The above result shows that the attack was successful. Using this method, the attacker can access sensitive data through the session cookie.

Impact

The issues include:

  • Data corruption
  • Data Breach
  • The complete shutdown of the server

Mitigation / Precaution

Beagle recommends the following fixes:

  • The application should filter metacharacters from user input.
  • Update plugins to latest versions.
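
The 404 handler from the example above, shown next to a form that encodes HTML metacharacters at the point of output. This is an added example, not code from the original page; the function names and the sample request URIs are constructed for illustration.

```php
<?php
// Added example: the article's 404 page, before and after output encoding.
declare(strict_types=1);

// Vulnerable form from the article: the decoded request URI is echoed as-is,
// so any markup in the path becomes part of the HTML response.
function not_found_vulnerable(string $requestUri): string
{
    return "Not found: " . urldecode($requestUri);
}

// Hardened form: encode the HTML metacharacters < > & " ' when writing output.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of making htmlspecialchars() return an empty string.
function not_found_hardened(string $requestUri): string
{
    $path = urldecode($requestUri);
    return "Not found: " . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample REQUEST_URI values: a plain missing file, and the
// article's test payload in percent-encoded form.
$samples = [
    '/file_which_not_exist',
    '/%3Cscript%3Ealert(%22TEST%22);%3C/script%3E',
];

foreach ($samples as $uri) {
    echo "input:      ", $uri, PHP_EOL;
    echo "vulnerable: ", not_found_vulnerable($uri), PHP_EOL;
    echo "hardened:   ", not_found_hardened($uri), PHP_EOL, PHP_EOL;
}
```

With the hardened function, the second sample is rendered as visible text (`&lt;script&gt;...`) instead of being parsed as a script element.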
