XSSI: a little-known web vulnerability class with wide-ranging impact

ID MYHACK58:62201782937
Type myhack58
Reporter 佚名 (anonymous)
Modified 2017-01-17T00:00:00


Finding a specific class of vulnerability depends on two things: awareness that the class exists, and how hard instances of it are to find. Cross-Site Script Inclusion (XSSI) is in fact missing from the common reference, the OWASP Top 10, and no public tools are available to help find XSSI. Its impact ranges from the disclosure of stored personal information, through the bypass of token-based protections, to complete account compromise. XSSI vulnerabilities are quite widespread, and the lack of detection methods increases the risk posed by every one of them. In this article I will show how to find XSSI, how to exploit it, and how to defend against it.

Background knowledge

This part covers the notion of an origin and the same-origin policy (SOP). If you already understand it, skip ahead. The concept of the origin, together with the origin-based isolation mechanism for web content known as the same-origin policy, was introduced by Netscape along with JavaScript. The SOP defines how documents may affect each other: two documents belonging to the same origin may access each other's contents. This is the very foundation of web security. Most browsers define the origin as the triple of protocol, host and port. Microsoft's Internet Explorer is an exception: its definition does not include the port, which has security implications of its own. The Mozilla Developer Network illustrates the most general SOP rules with a table comparing URLs against http://store.company.com/dir/page.html; that table is not reproduced in this copy. Because browsers offer documents many ways to interact with each other that were never governed by a common standard, content isolation is a necessity. For further reading, security researcher Michal Zalewski devotes a chapter of his book The Tangled Web to the subject.
XSSI

Cross-Site Script Inclusion (XSSI), a somewhat unwieldy but descriptive name, designates a class of vulnerability: when a resource is included with a script tag, the SOP does not protect it, because scripts must be includable across origins. An attacker can therefore read whatever a script tag can include. This becomes particularly interesting with dynamic JavaScript and JSONP, when ambient authority such as cookies is used for authentication: just as with CSRF, the cookies are sent along even when the request comes from a different host. The weakness is mentioned in a footnote of Michal Zalewski's book cited above and in the paper by Sebastian Lekies et al. Depending on what data the script carries, XSSI can be exploited in different ways. The most common sensitive data is personal information such as e-mail addresses, postal addresses and birthdays, but tokens, session IDs and other identifiers such as UIDs turn up as well. The simplest exploitation is to check whether a user is logged in (a login oracle). The information obtained can be abused for social engineering or for other, targeted attacks.

Boundaries with XSS and CSRF

XSSI resembles XSS in name and CSRF in description. What the three have in common is that they are client-side attacks. The difference from XSS is easy to grasp: in XSS, malicious code is placed on the victim's page, whereas in XSSI the victim's code is included in a malicious page. On the surface XSSI and CSRF look very similar, since in both a malicious page requests a resource from another domain, and in both cases the request is made after the user has logged in. The decisive difference is the purpose. In CSRF, the attacker wants the victim's browser to perform a state-changing operation, such as a transfer in an online banking application. In XSSI, the attacker wants to leak data across origins, possibly in order to perform such an attack afterwards.
Searching, finding and exploiting

When searching for XSSI, four cases need to be distinguished. Fortunately, exploitation is similar or even identical across them (just as with reflected and stored XSS). The four cases are:
1. Static JavaScript (normal XSSI)
2. Static JavaScript, but only accessible after authentication
