CSRF-XSS

Posted on | In | Visitors:

XSS

What is XSS ?

  • Cross-Site Scripting;

  • injects client-side executable code into web applications.

The three conditions for XSS :

  • A Web application accepts user input;

  • The input is used to create dynamic content;

  • The input is insufficiently validated.

XSS Attacks

  • gather data from account hijacking;

  • changing of user settings;

  • cookie theft/poisoning;

  • false advertising ;

  • scanning for other vulnerabilities and performing a Denial of Service on your web server.

How XSS works?

  • An attacker injects some code;

  • the web application saves it and displays it on a page;

  • later presented to a victim.

XSS Prevention

  • httponly;

  • countermeasures:

    • do whitelist input filtering instead of blacklist;

  • blacklist based filtering;

  • 输入过滤、输出转义

CSRF

  • Cross-site request forgery

Classic CSRF attack

  • User visits victim site
    • log in;
  • User loads attacker’s site
    • Or encounters attacker’s iframe on another site;
  • Attacker sends HTTP requests to victim
    • Victim site assumes requests originate from itself

CSRF Defenses

  • Secret Validation Token;
    • use frameworks like Rails
  • Referer Validation Defence;
    • works over HTTPS
  • Custom Header Defense;
    • for AJAX