The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

and are so widespread that anyone with a browser can find an XSS bug some-

where in a matter of minutes. The Bugtraq mailing list is congested with atten-

tion seekers posting XSS bugs in unheard-of software. And in plenty of cases,

XSS vulnerabilities are of minimal significance — not exploitable to do any-

thing particularly worthwhile.

In the archetypal battle between a lone hacker and a target web application,

XSS bugs usually (though not always) provide no help in the hacker’s quest to

compromise the system. Compared with a juicy bug like SQL injection, path

traversal, or broken access controls, cross-site scripting is often “lame” indeed.

However, the significance of any bug is dependent upon both its context

and the objectives of the person who might exploit it. An XSS bug in a banking

application is considerably more serious than one in a brochure-ware site.

Even if the bug does not enable a hacker to break in, it may still be gold dust to

a phisherman seeking to hoodwink millions of unwitting users. 

Further, there are many situations in which XSS does represent a critical

security weakness within an application. It can often be combined with other

vulnerabilities to devastating effect. In some situations, an XSS attack can be

turned into a virus or a self-propagating worm. Attacks of this kind are cer-

tainly not lame.

XSS vulnerabilities should always be viewed in perspective, by reference to

the context in which they appear, and in relation to other serious attacks

against web applications and other computer systems. We need to treat them

seriously, but avoid getting over-excited. Whatever your opinion of the threat

posed by XSS vulnerabilities, it seems unlikely that Al Gore will be producing

a movie about them any time soon. 

Download 5,76 Mb.

Do'stlaringiz bilan baham: