Null Open Security
Community
Monthly-meetup
Mohd Arif
Security enthusiast
VAPT
Free time bug bounty hunter
Twitter: @Zero0x00
Email: zero0x00@protonmail.com
Presentation: Cross site scripting
What is XSS?
XSS brief intro
Cross-site scripting occurs when an attacker is able to insert untrusted data/scripts into a web page. The data/scripts inserted by the attacker are executed in the browser and can steal users' data, deface websites, etc.
Types of XSS
Reflected XSS
Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
Stored XSS
It occurs in places where malicious user input containing an XSS vector is stored or "saved". Thus it may (and mostly does) cause multiple users to be affected.
DOM-based XSS
In a DOM-based XSS attack, the malicious data does not touch the web server. Rather, it is reflected by the JavaScript code, entirely on the client side.
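The reflected case described above, as an added example that is not part of the original slides: a search page that echoes its query into HTML unencoded, next to a version that encodes it for the HTML context. The function names and the sample input are constructed for illustration.

```javascript
// Added example: reflected XSS in a search-results page, and the fix.
// All function names and the sample input are constructed for illustration.

// Vulnerable: the query is concatenated into the HTML response as-is,
// so any markup in it becomes part of the page.
function renderSearchUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Encode the five characters that are significant in HTML text and
// in quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the query is encoded for the HTML context before output,
// so the browser displays it as text instead of parsing it as markup.
function renderSearchSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Regression check a developer can run against a render function:
// does the response contain the input byte-for-byte while the input
// carries HTML metacharacters?
function reflectsRawMarkup(render, input) {
  return /[<>"']/.test(input) && render(input).includes(input);
}

const probe = '<script>alert(1)</script>'; // constructed test input
console.log('unsafe reflects raw markup:', reflectsRawMarkup(renderSearchUnsafe, probe));
console.log('safe reflects raw markup:  ', reflectsRawMarkup(renderSearchSafe, probe));
console.log(renderSearchSafe(probe));
```

This encoding fits HTML text and quoted attribute values only; data placed inside a script block, a URL, or an unquoted attribute needs the encoding for that context.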
How to hunt XSS
1. Find an input parameter and give it any input (if it is reflected or stored, it may have an XSS bug).
2. Try to execute any JavaScript there; if it executes, there is XSS.
3. Exploitation of XSS
Time for practical session
Practice on an online XSS lab
Any questions?