For example: a simple JavaScript snippet can create and show a prompt box or an alert box.
It uses tags and functions such as:
<script> : </script>
<script> = Starting Tag
</script> = Ending Tag
= alert() : This function draws a pop-up box known as a dialog box. Whatever is passed as the function's argument is shown as text in the box.
SYNTAX : <script>alert("String Based / Integer Based")</script>
<script>alert("Welcome to this site")</script>
Syntax : <script>alert()</script>
Two data types can be written here: a string or an integer.
<script>alert("Welcome to Site")</script>
= prompt() : Same as alert, but it also provides a text field where the user can type their own text. The typed text does not affect the behaviour of the pop-up itself, so in this sense the box is read-only.
= Stealing Cookies with JavaScript
Stealing Sessions via Cookies
Function : document.cookie
Every website sets a cookie with a corresponding session in browser memory; therefore, if we are able to obtain the cookie, we can embed the same cookie in our browser, and when we open the same site we will enter the victim's session.
XSS – CROSS SITE SCRIPTING
Cross-site Scripting (XSS) refers to a client-side code injection attack in which an attacker injects malicious scripts into a web application, and the application responds according to them. The end user's browser has no way to know that the script should not be trusted, and will execute it because it appears to come from a trusted source.
It is the 3rd vulnerability in the OWASP Top 10, and is found in roughly 80% of all dynamic websites.
Flaw of XSS
When a website accepts any kind of executable input from an unauthorised visitor, we can say that website is vulnerable to an XSS attack.
For example: while shopping on Flipkart, a user enters <h1>Hacked</h1> in the search bar; when they hit search, the website interprets the heading tag and renders it on the main page.
TYPES OF XSS
1. Stored XSS : Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database. That is, it is permanent until the database is reset or the query is manually removed.
2. Reflected XSS : Reflected attacks are those where the injected script is reflected off the web server, meaning it is not stored but only reflected back in the response. When the webpage is refreshed, the XSS query is gone. It is one-time use but still extracts data.
document.cookie – Cookie Stealing, Session Hijacking
document.write, document.location, etc.
DEMONSTRATION on LVS and DVWA
= Finding an XSS-vulnerable web application: DVWA and LVS.
= Reflected XSS (LOW in DVWA, LVS)
= <script>alert("hacked")</script> // this creates a pop-up named kartik
= Stored XSS (LOW in DVWA, LVS)
= Name : kartik Message : <script>alert("xss vulnerability")</script> // stored in the database.
= Reflected XSS (MEDIUM in DVWA, LVS)
Here <script>alert("test")</script> will not work, because the source code performs validation checks and sanitization.
Validation check / sanitization here means: replace "<script>"
= Ways to bypass XSS in medium security
1. <script> <script>
2. <script lan=eng>
4. <scr<script>ipt> -> <script> -> <scr ipt> -> <script>
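The MEDIUM-level check described above is a single string replacement of "<script>". The added example below is not part of the course notes: it puts that deny-list filter beside the HTML output encoding a defender should use instead, and runs both over the payload strings already listed here. The names weakFilter, encodeHtml and opensScriptTag are my own.

```javascript
// Added example, not from the course notes. Compares the MEDIUM-level
// "replace <script>" filter with proper HTML output encoding, using the
// bypass strings listed in the notes as constructed sample input.

// Weak filter: delete every literal occurrence of "<script>" (deny-list).
// split/join removes all occurrences, like PHP's str_replace would.
function weakFilter(input) {
  return input.split("<script>").join("");
}

// Hardened handling: escape the five HTML-significant characters so the
// browser can only ever render the input as text, whatever it contains.
function encodeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return input.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Defender's check: does the string that reaches the page still open a
// <script ...> tag? Case-insensitive, attributes allowed after the name.
function opensScriptTag(output) {
  return /<script\b/i.test(output);
}

// Constructed inputs taken from the bypass list in the notes above.
const SAMPLES = [
  '<script>alert("test")</script>',          // the one the filter does stop
  '<script lan=eng>alert("test")</script>',  // attribute defeats the exact-string match
  '<scr<script>ipt>alert("test")</script>',  // removing the inner tag reassembles the outer one
];

// Run both treatments over the samples and report whether a script tag survives.
function compare(samples) {
  return samples.map((s) => ({
    input: s,
    weak: weakFilter(s),
    weakStillExecutable: opensScriptTag(weakFilter(s)),
    encoded: encodeHtml(s),
    encodedStillExecutable: opensScriptTag(encodeHtml(s)),
  }));
}

for (const row of compare(SAMPLES)) console.log(row);
```

Only the first sample is neutralised by the weak filter, while encodeHtml leaves no "<" in any output, which is the check worth adding to a test suite for a reflected-input field.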
= Cookie Stealing
To steal the cookie of the website > act on document.cookie
BROKEN AUTHENTICATION AND SESSION MANAGEMENT
Broken Authentication and Session Management are two different vulnerabilities. Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.
Broken Authentication refers to the weak login credentials a web application's authentication check accepts, and broken Session Management leads to the exposure of sensitive session IDs.
IRAJ LOGGED IN TO PNB – 21071993 – fRyuT5478hFde56
Demonstration of Broken Authentication and Session Management in LVS.
Session Management Example :
pnb login > session created > session id = 123545677gcccgz89
ATTACKER > steals the session id > behaves like the victim and goes to the pnb site > the attacker replaces his/her own session id with the victim's, i.e. session id=12354567789, in the same version of the web browser and the same environment.
FUNCTIONS on XSS HIGH: onload, onfocus