The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws



Chapter 12: Attacking Other Users




Another highly functional browser exploitation framework is XSS Shell, produced by SecuriTeam. This provides a wide range of functions for manipulating zombie hosts compromised via XSS, including capturing of keystrokes, clipboard contents, mouse movements, screenshots, and URL history, as well as the injection of arbitrary JavaScript commands. It also remains resident within the user’s browser if she navigates to other pages within the application.



Chapter Summary

We have examined a huge variety of ways in which defects in a server-side web application may leave its users exposed to malicious attack. Many of these vulnerabilities are complex to understand and discover, and often necessitate an amount of investigative effort that exceeds their actual significance as the basis for a worthwhile attack. Nevertheless, it is common to find that lurking among a large number of uninteresting client-side flaws is a serious vulnerability that can be leveraged to attack the application itself. In many cases, the effort is worth it.

Further, as awareness of web application security continues to evolve, direct attacks against the server component itself are likely to become less straightforward to discover or to execute. Attacks against other users, for better or worse, are certainly part of everyone’s future.

Questions

Answers can be found at www.wiley.com/go/webhacker.

1. What is the standard “signature” in an application’s behavior that can be used to identify most instances of XSS vulnerabilities?

2. You discover a reflected XSS vulnerability within the unauthenticated area of an application’s functionality. State two different ways in which the vulnerability could be used to compromise an authenticated session within the application.

3. You discover that the contents of a cookie parameter are copied without any filters or sanitization into the application’s response. Can this behavior be used to inject arbitrary JavaScript into the returned page? Can it be exploited to perform an XSS attack against another user?

4. You discover stored XSS behavior within data that is only ever displayed back to yourself. Does this behavior have any security significance?

5. You are attacking a web mail application that handles file attachments and displays these in-browser. What common vulnerability should you immediately check for?
