
Thread: Help make me to understand

  1. #1
    Join Date
    Oct 2002

    Help make me to understand

    Hello, I was hoping someone or some people could explain something to me.

    I have been seeing a lot about cross site scripting problems and all the demos show just a box that comes up and says testing. I know that that is just a non-dangerous way of showing that it is there. What all can be done besides this box that says testing?

    I am not asking how to do it, nor am I going to go off and attempt to try it, I just want to understand the risks with cross site scripting. Like is JavaScript the only script that can be run with it, or if the server has PHP installed will it run that script too?

    I also know that you can read cookie files with Java, but what I don't understand is how that can do anything. Won't they (the hacker) be reading their own cookie on their own computer, or can you somehow access other computers? And also aren't most cookies' usernames or passwords encrypted with MD5?

    Looking forward to your answers.

  2. #2
    Senior Member roswell1329
    Join Date
    Jan 2002
    Just to give the uninformed a little background on what cross-site scripting is:

    A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user. ...
    Entire description here.

    As for your first question about other languages, I believe that if JavaScript can perform this, then it's quite possible that asp, php, java, and perhaps even dhtml may be able to run variants of this type of web-wildlife.

    As for your second question, passwords may or may not be stored encrypted. I would think it all depends on how the site wants to store the information. I imagine a large number of sites store password information in plain text with the notion that only the user would be able to retrieve that data, and they already know their password! However, passwords are only the tip of the iceberg. Many websites use cookies to store credit-card information, shopping habits, last purchases, and surfing activity. All of this is private information that has become vulnerable to cross-scripting activities.
    /* You are not expected to understand this. */

  3. #3
    Join Date
    Oct 2002
    Ok, but how is this person getting these cookies? Cookies aren't stored on the server, right? They are stored on that user's machine.

    So let's say this forum was susceptible to this type of attack. You are the hacker and I am the user. You do your <scr!pt>alert(document.cookie)</scr!pt>, but wouldn't it be returning your own cookie instead of someone else's? I just don't understand how using a script like that in some search field would give access to other people's cookies.

    Actually, I think I know: it would be done through private messages. Crafting a message to pull the cookie off of the user's computer and then have it write to some server. So if there is no private message function in the vulnerable software, you would be safe from other people stealing cookies off people's computers?

    Sorry if these questions seem stupid, I am just trying to figure this out.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    That is the general problem with XSS: it is easy to prove that the problem is there, but it is very hard to generate one that is a vulnerability. What I mean is that most XSS will only affect the person whose computer it is. This of course does no damage.

    The problem faced is how to get the data from the user's machine to another. The most common way is to generate a script that redirects the user to a page on another site, with the information attached. From there they are sent back to the next page they should see. You can't send them back to the page they were at because it will cause a loop.

    So you have a way to send the data, but how do you do it without getting found out? Problem: the address of the site you sent them to is hard coded on the vulnerable site. This means that it will be all too easy to trace the trail back to you.

    This is just one way there are many different ones.

    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"
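An added example, not written by any poster in this thread, showing the search-field case from post #3 from the server's side: the same results page rendered with and without HTML encoding (which also covers the private-message case, since the fix is the same at output time), a quick check on a response, and, going beyond the thread, a Set-Cookie line with HttpOnly so that document.cookie cannot read the session cookie. The function names, the cookie name and the sample input are made up for the illustration.

```python
import html

# Constructed sample input: the probe from post #3, typed into a search box.
PROBE = "<script>alert(document.cookie)</script>"


def render_search_vulnerable(term: str) -> str:
    """Reflect the search term into the page untouched.

    This is the reflected-XSS bug the thread is talking about: the
    browser of whoever opens this page runs the <script> as if the
    site itself had sent it, so document.cookie is *their* cookie.
    """
    return f"<p>Results for: {term}</p>"


def render_search_safe(term: str) -> str:
    """Same page, but the term is HTML-encoded first.

    html.escape turns < > & " ' into entities, so the browser displays
    the probe as text and never treats it as markup. A stored message
    body gets exactly the same treatment when it is rendered.
    """
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def looks_like_markup_injection(rendered: str, term: str) -> bool:
    """Cheap response check: does user input containing a tag or
    attribute delimiter appear in the page byte-for-byte (unencoded)?"""
    return any(ch in term for ch in "<>\"'") and term in rendered


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie line for a session cookie (name/value are hypothetical).

    HttpOnly keeps the cookie out of document.cookie, so an injected
    script cannot read it; Secure and SameSite are assumed-sane defaults.
    """
    return f"Set-Cookie: {name}={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    for label, page in (("vulnerable", render_search_vulnerable(PROBE)),
                        ("encoded", render_search_safe(PROBE))):
        flag = looks_like_markup_injection(page, PROBE)
        print(f"{label:10} injection={flag} :: {page}")
    print(session_cookie_header("sid", "EXAMPLE-SESSION-ID"))
```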
