The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

For example, suppose that the error page returned by the application con-

tains the following:

This script parses the URL to extract the value of the 

message

parameter and

simply writes this value into the HTML source code of the page. When

invoked as the developers intended, it can be used in the same way as in the

original example to create error messages easily. However, if an attacker crafts

a URL containing JavaScript code as the value of the 

message

parameter, then

this code will be dynamically written into the page and executed in just the

same way as if it had been returned by the server. In this example, 

the same URL that exploited the original reflected XSS vulnerability can also

be used to produce a dialog box:

https://wahh-app.com/error.php?message=

The process of exploiting a DOM-based XSS vulnerability is illustrated in

Figure 12-5.

Figure 12-5:  The steps involved in a DOM-based XSS attack

Application 

1. User logs in 

3. Us

er requests attacker’

s URL 

4. Ser

ver resp

onds with page  

containing hard-coded JavaScript 

5. Attacker’s  

URL is processed 

 by JavaScript,  

triggering  

his attack  

payload 

7. Attacker hijacks user’

s sess

ion 

6. User’s browser sends session token to attacker 

2. Attacker feeds crafted URL to user 

User 

Attacker 

Download 5,76 Mb.

Do'stlaringiz bilan baham: