Why is Cross-site Scripting dangerous?
If you want to know the new technique and method that hackers use to hack and infiltrate sites and destroy them, you can read this article that explains the XSS method.
 | 14 minute(s) read | Published on: Dec 01, 2021 Updated on: Mar 19, 2022 |
As they know, with the advancement of technology and the increase of different types of tools, the number of people whose goal and motive are to hack sites and steal data also increases, and many people want to hack sites and infiltrate them. XSS is another method that can be used to hack sites. In this method of hacking and infiltrating sites, some code is inserted into applications or stays, until by deliberately entering this type of code into the code and resources of apps and sites, it destroys their performance and finally They also provide access to systems, be it sites or apps, by creating vulnerabilities and vulnerabilities. It should be noted that most information leakage is done through this type of hacking and intrusion method. This type of attack and hack can be done through cross-site scripting, which causes some code to be inserted into the source code of the leading apps and sites, destroying the function of the set and app and creating vulnerabilities and vulnerabilities. That hackers and profiteers enter the system and the app and steal the data, they need.
It should be noted that the abbreviation Cross-site scripting, which means injecting malicious code into the main source code, is XSS. In this method of attacking and hacking systems and apps, they enter some malicious Java code into the Web Application, which can also cause disruption and destruction of design and app performance.
JavaScript
As you know, JavaScript is a high-level programming language that can be used to design and develop some web pages and websites ( in French: concevoir et développer des pages Web et des sites Web ). Using this programming language, you will be able to design and develop web pages that are dynamic. Of course, it is also important to mention that using this is to design and create different types of web pages. You will easily access multimedia that includes images, videos, audio, etc. Manage. This programming language is so popular and widespread that we can say that 90% of the time, this is used to design and develop various types of websites worldwide.
Now you may be wondering why in the use of the JavaScript programming language, some malicious code enters our source code and destroys its functions. To answer this question, we say that there are some capabilities in the JavaScript programming language that have caused these events:
- JavaScript has this feature to access the rest of the objects on the web page. This access can be accessed to a user-generated cookie that the Java programming language has access to. Java programming language access to user cookies means that hackers could use fake authentication to log in and infiltrate.
- JavaScript has access to the XMLHttpRequest feature, which can also be used to send HTTP content requests for specific purposes.
- JavaScript has the capability and capability to be able to access some HTML5 APIs through browsers. In this case, we can say that they can access the user's geographical location, webcam, microphone, and even some user-specific files. Of course, it is also worth mentioning that these types of accesses require approval and issuance of access permissions by the user.
- JavaScript can access DOM browsers.
- This capability, as well as the capabilities of the Java programming language, can enable hackers, hackers, and attackers to gain access to sites and apps that have been designed and developed using the programming language.
The reasons why hackers infiltrate systems designed and developed using the Java programming language are as follows:
- Intruders with the purpose and motive of accessing and stealing users' critical business information infiltrate their systems.
- To get some important authentication information
- Sending some fake requests through users' access to be able to steal their data and information
- Creating some fake forms and styles on websites to deceive the user and through them to hack and attack themselves.
What is XSS Vulnerability?
It should be noted that XSS stands for Cross-site scripting. XSS vulnerabilities are the same as attacks performed by code injection. In this method, users are attacked by sending some unique code to the primary code sources, directly attacking the website and causing some damage to it. One of the most important things to note about this attack is that in this attack, the malicious and vulnerable site and the users of the site are targeted so that they can be attacked and destroyed.
What are the types of XSS?
Initially, this type of vulnerability was divided into two kinds, Stored and Reflected, which mean the same thing as continuous or non-continuous.
Initially, this type of vulnerability was of two types, but finally, in 2015, the third type of this type of vulnerability was created by Mr. Amit Klein. The third type of vulnerability is DOM-based.
XSS server
It should be noted that XSS Server occurs when an invalid user succeeds in forcing the website to generate data in response to HTTP. The source of this data can also be requested or sent from somewhere. Therefore, HTTP can be of two types: Reflected Server XSS or Stored Server XSS. In this method of attacking and vulnerability of XSS, we provide a kind of malicious code from the server. The browser can execute this code provided by the server, and as a result, cause damage.
Client XSS
It should be noted that the XSS Client also occurs when an invalid user succeeds before attempting to update the DOM via a JavaScript call insecurely. JavaScript calling can also occur when a valid JavaScript code can be provided to the DOM. Receiving malicious DOM code can be from the browser or even sent from the server.
What is Stored XSS?
This type of vulnerability, also known as XSS, or even persistent XSS, can occur when an application receives or sends information. For this type of attack and vulnerability to occur, the user must find a vulnerability in the program and application. After finding that vulnerability in the app, inject it into the server and transfer it. Of course, This vulnerability must be part of the program and app storing information and data, such as comment fields, forum topics, contact sections, or...
To complete the examples we have given you, suppose a user on a website can post a comment below a post. It should be noted that when we as a user submit a request for comment on the following positions, a request is sent such as the next body:
After this comment has been submitted, in the next series, any user who wants to visit this post that is shared on this website, will receive the following code in response to the website, in addition to some other content:
Now we assume that the program has mistakenly processed the submitted data, in which case the attacker can start to send some comments such as the following:
The code above uses two Script tags, which you should know that programmers use this tag in the following two ways:
1- Using these tags in writing JavaScript codes
2- Using these tags in the source code, which includes JavaScript code
How can we detect the Stored XSS bug?
To determine if XSS is bug-free, it is important to know that programmers use various methods. One of the methods programmers use to detect XSS vulnerabilities and bugs is to use vulnerability assessment tools. These types of tools can be used to find all the vulnerabilities defined. Some of these tools are listed below for introduction:
- Burp Suite
- Acunetix
- Netsparker
- Nessus
Of course, it should be noted that the number of these types of tools is vast, and the tools that we mentioned here and introduced were among the tools that have been used the most and have a high level of popularity and satisfaction.
In addition to doing this with vulnerabilities, it is also possible to do so manually. This method, which requires you to identify and identify vulnerabilities manually, can be a bit of a challenge. In this way, you should be able to manually check all the input points of the program that the attacker can control and change and may be processed in the program and all the exit points of the program that can appear in HTTP responses.
Some of the points on which the required processing will be performed are as follows:
- Parameters and other data contained in the URL queries or the body of the request.
- Path of URL files
- HTTP headers that cannot be used in XSS Reflected. Out-of-band paths that the attacker can deliver through this path. Of course, it is better to know that these paths are different according to the type of performance they have, and the difference is only because of their performance.
The first step in finding the Stored XSS vulnerability is to find the link between the input and output points. This may be because we see the data sent by the user at the output points of the application. It should be noted that all data sent to input points will not appear at the exit point and can be accessed from several output points. We can say that the username can be displayed at several points as an article. Their names can only be displayed to the user, increasing the risk of attack.
In addition, data available to track systems can be used repeatedly by other actions taken. For example, we can say that the search list can display all the data searched by the user.
Examples of Stored XSS Vulnerabilities
To better understand and comprehend this issue, we will give some examples until you know them. Below are some of the vulnerabilities in Stored XSS.
Stored XSS Vulnerability in Google Tag Manager
It should be noted that the best way to Sanitize user inputs is to do it when the data is rendered. There are even some traces that the application can sanitize for data storage time. It is incorrect because malicious users can discover new files that cannot be sanitized and use them to store data. In addition, the Google tag manager service is one of the SEO tools used by digital marketers to find and increase the number of tags that can be used. In this service, there are some forms that the user can use to interact with other people. Some payloads can be used to perform XSS attacks quickly. Like the following:
If the code above is done, Payload will have the ability to close the harvested HTML tag. Necessary uploads Rob Ray did, for example, an image.
After that, an alternative way was found for Payload, which we could do faster and easier. Alternative Rejection In addition to the form fields, an easy and fast way is created for the user that the user will be able to upload a file with the JSON extension that contains precisely the required tags.
The following is a file that contains this alternative:
In the code above, the value set for the Name attribute is the same as the previous Payload for XSS.
Stored XSS Vulnerability in Yahoo!
Be aware that sanitizing user inputs by editing them can cause problems if implemented incorrectly. We will give you the example of the same Yahoo email source that can cause you problems.
As you know, the Yahoo Mail Editor allows its users to add and upload their images via the -img- tag. All user data was then sanitized, securing the data editor by removing JavaScript attributes, such as onload and error.
Most HTML tags have this feature to get the attribute or attribute that is inside the tag to allow the user to add more information. For example, we can say that the -img- tag can accept the src attribute used to specify the image address. In addition, this tag allows this feature to use some characteristics such as width and height. As they know, these attributes can be used to determine length and width. It should be noted that some of the characteristics in which the user can use the tags are Boolean, and how to use them is as follows: if these tags are in these attributes, the browser will see them as True, and if the browser If you do not use these tags in these attributes, the browser will see them as false.
With that in mind, Mr. Jouko Pynnonen has found that Yahoo will delete the set value if we add a Boolean attribute and set it. But the name and adjective will keep it the same as it was. Like the following:
In the codes listed above, the INPUT tag indicates a check box, and its marked or unmarked status can be adjusted using the CHECKED attribute.
According to some of Yahoo's Sanitize policies, the code above changes as follows:
After we change the codes based on some policies, it looks like this:
The above code changes as follows:
Reflected XSS Discover Apple
To be able to detect bugs and vulnerabilities, I can use the following methods:
- Check all input points:
In this case, we must check all the points that are for Word. Let's test each entry point separately via an HTTP request.
These entry points can include some parameters such as strings inside the Query String, URL, body of requests, path of URL files
- Send letter and numeric values to input points: For all input points, send some values of a letter and numeric types to make sure that these values are not contrary to Input validation policies.
- Change the Context location.
- Check the browser attack.
- Test the initial payloads.
- Test alternative payloads.
- Change the Context location.
- Check the browser attack.
- Test the initial payloads.
- Test alternative payloads.
How can we reduce XSS risks and vulnerabilities?
To reduce the risk and bug of XSS, we need to do some tests. Of course, our steps depend on their performance and design.
- Lack of support for HTTP TRACE
- Validation Input
- Escaping
- Sanitize inputs when rendering them
- Do not enter unreliable data in some authorized places
Click to analyze your wesbite SEO