October 24th, 2002, 10:11 PM
Help make me to understand
Hello, I was hoping someone or some people could explain something to me.
I have been seeing a lot about cross-site scripting problems, and all the demos show just a box that comes up and says "testing". I know that that is just a non-dangerous way of showing that it is there. What all can be done besides this box that says "testing"?
I am not asking how to do it, nor am I going to go off and attempt to try it; I just want to understand the risks with cross-site scripting. Like, is JavaScript the only script that can be run with it, or if the server has PHP installed, will it run that script too?
I also know that you can read cookie files with Java, but what I don't understand is how that can do anything. Won't they (the hacker) be reading their own cookie on their own computer, or can you somehow access other computers? And also, aren't most cookies' usernames or passwords encrypted with MD5?
I look forward to your answers.
October 24th, 2002, 10:27 PM
Just to give the uninformed a little background on what cross-site scripting is:
Entire description here.
A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user. ...
/* You are not expected to understand this. */
October 24th, 2002, 10:36 PM
OK, but how is this person getting these cookies? Cookies aren't stored on the server, right? They are stored on that user's machine.
So let's say this forum was susceptible to this type of attack. You are the hacker and I am the user. You do your <scr!pt>alert(document.cookie)</scr!pt>, but wouldn't it be returning your own cookie instead of someone else's? I just don't understand how using a script like that in some search field would give access to other people's cookies.
Actually, I think I know; it would be done through private messages. Crafting a message to pull the cookie off of the user's computer and then have it write to some server. So if there is no private message function in the vuln software, you would be safe from other people stealing cookies off people's computers?
Sorry if these questions seem stupid; I am just trying to figure this out.
October 24th, 2002, 10:59 PM
That is the general problem with XSS: it is easy to prove that the problem is there, but it is very hard to generate one that is a vulnerability. What I mean is that most XSS will only affect the person whose computer it is. This, of course, does no damage.
The problem faced is how to get the data from the user's machine to another. The most common way is to generate a script that redirects the user to a page on another site, with the information attached. From here they are sent back to the next page they should see. You can't send them back to the page they were at, because it will cause a loop.
So you have a way to send the data, but how do you do it without getting found out? Problem: the address of the site you sent them to is hard-coded on the vulnerable site. This means that it will be all too easy to trace the trail back to you.
This is just one way there are many different ones.
I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"
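The defence for what this thread describes (search input reflected straight into a generated page, so a script can read document.cookie) is to encode the input on output and to keep the session cookie out of script's reach. The following is an added example, not code from any poster or product in the thread; the function names and the sample search string are constructed for illustration.

```python
import html
from urllib.parse import quote

# Constructed sample: the same kind of probe string the thread uses to show XSS is present.
DEMO_INPUT = '<script>alert(document.cookie)</script>'


def render_search_unsafe(query: str) -> str:
    """The pattern the thread describes: user input pasted straight into the page.
    Whatever markup the query contains is sent to every visitor who receives the page."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Same page, but the query is HTML-entity encoded before it lands in the markup.
    <, >, &, and quotes become entities, so the browser shows the text instead of running it.
    Note: this encoding is right for HTML body text; attribute and JavaScript contexts
    need their own encoding rules."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie header for the session id with the HttpOnly flag, so a script running
    in the page cannot read the value through document.cookie even if XSS slips through."""
    return f"Set-Cookie: sid={quote(session_id, safe='')}; Path=/; HttpOnly"


def contains_live_script(page: str) -> bool:
    """Crude regression check for a template: does the rendered page still carry a raw
    <script tag?  Useful as a unit test on any view that echoes user input."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_search_unsafe(DEMO_INPUT))   # script tag survives: XSS
    print(render_search_safe(DEMO_INPUT))     # rendered as harmless text
    print(session_cookie_header("abc123"))
```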