Full Disclosure mailing list archives
Re: logically stopping xss
From: Valdis.Kletnieks () vt edu
Date: Wed, 23 Jul 2003 00:06:24 -0400
On Tue, 22 Jul 2003 23:10:12 EDT, Justin Shin said:
See, there's a gazillion XSS "exploits" just sitting out there that no one knows of, and no admin can keep up with all the new "exploits" for XSS. I am just looking for suggestions, that's all. I swear, when I said I was stupid, I didn't mean I was THAT stupid :)
Oh.. *suggestions*.. That's different. ;) If you're looking for XSS, start by finding a form that the user fills in themselves. Then see if that data can be found on some OTHER page. The only two parts missing then are (a) improper filtering before redisplay and (b) getting a victim to visit the other page. ;)

Unlike virus/malware detectors that can look for things like NOP sleds, there's no really general way to filter for XSS, since the whole trick is to pass *legal* structures to the victim and have them interpreted in incorrect contexts. Quite often, the attack is a "recombinant DNA" type, where you're providing fragments in several pieces, all of which *looked* legal separately (like one MUA that had an issue displaying a *series* of messages, each of which had a small chunk of JavaScript in the Subject: line... Ouch ;) ).

You might want to get hold of a copy of Hofstadter's "Gödel, Escher, Bach" - once you read and understand the chapter on quining, knowing what signs of an XSS problem to look for will be a lot easier. The rest of the book is a worthwhile read too - you'll learn a lot about exactly why scanners like SNORT can't be 100% right, and a lot less painfully than the Theory of Computation classwork version. ;)
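An added illustration of the "recombinant" point above (example code, not part of the original thread): each fragment passes a per-item blocklist check on its own, yet the page that concatenates them ends up holding a complete script element, whereas encoding every fragment for its HTML output context neutralises the result no matter how it was split. The blocklist regex, the helper names and the sample "Subject:" fragments are constructed for this example.

```python
import html
import re

# Per-fragment blocklist: flags a fragment only if it, by itself, contains a
# complete <script ...>...</script> element. This stands in for the scanner-style
# check the message says cannot be made general; it is the weak approach.
SCRIPT_ELEMENT = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def naive_filter_passes(fragment: str) -> bool:
    """True if the blocklist finds nothing objectionable in this fragment alone."""
    return SCRIPT_ELEMENT.search(fragment) is None


def render_naive(fragments):
    """Concatenate the fragments that individually passed the filter, unencoded."""
    return "".join(f for f in fragments if naive_filter_passes(f))


def render_encoded(fragments):
    """Encode each fragment for the HTML text context at the point of output."""
    return "".join(html.escape(f, quote=True) for f in fragments)


def contains_script_element(markup: str) -> bool:
    """Check the assembled page rather than its pieces."""
    return SCRIPT_ELEMENT.search(markup) is not None


# Constructed sample: three subject lines displayed one after another on a
# single page. No single fragment contains a complete script element.
FRAGMENTS = [
    "Meeting notes <scr",
    "ipt>document.title='xss'</scr",
    "ipt> for Friday",
]

if __name__ == "__main__":
    print("each fragment passes filter:", all(naive_filter_passes(f) for f in FRAGMENTS))
    print("naive page has script element:", contains_script_element(render_naive(FRAGMENTS)))
    print("encoded page has script element:", contains_script_element(render_encoded(FRAGMENTS)))
```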