JavaScript Injection and XSS Attack

JavaScript Injection and XSS Attack : In  this  cyberpointsolution tutorial we are going to describe about the JavaScript Injection and XSS Attack.

JavaScript Injection and XSS Attack

---

INTRODUCTION TO JAVASCRIPTS

JavaScript is a programming language commonly used in web development. It was originally developed by Netscape as a means to add dynamic and interactive elements to websites.

Java > Javascript

Java is a software programming language. But, Javascript is meant for development of Web Applications which is generally used in front end developing.
Javascripts is concerned with the behaviour of the webpages depends upon the user inputs. Mainly deployed on the dynamic webpages for the validation purposes.
For Example : A simple java script code can create and show Prompt Box or Alert Box etc.

Usually Javascript is used with HTML. For using Javascript, We use tags like, <script> etc.

They use Tags and functions like :

alert(document.cookie)

alert()
prompt()
document.write
document.cookie
fuctions
loops
conditions

Syntax Of Javascripts

<script> : </script>

<script> = Starting Tag

</script> = Ending Tag

<script>
.
.
.
</script>

TAGS :

= alert() : This function is used to draw a pop up box known as dialoug box. What ever the body content of the function is written into it it will show it as text on the box.

 

SYNTAX : <script>alert(“String Based / Integer Based”)</script>

eg.
<script>alert(“Welcome to this site”)</script>

Syntax : <script>alert()</script>

Here we can write two type of data types. First String Based and Integer.

<script>alert(“Welcome to Site”)</script>

<script>alert(“123”)</script>

= prompt : It is same as alert but also given a text field to write ur own text. But it will not effect the working of the pop up hence only with read only property.

<script>prompt(“hi”)</script>

= Stealing Cookies with Java Script

Stealing Sessions via Cookies

Function : document.cookie

Every website contains a cookie and respective session in browser memory hence if we are able to get the cookie we can embed the same cookie in our browser and as we open the same site will be going to enter into the same session of the victim.

<script>alert(document.cookie)</script>

———————————————————-

XSS – CROSS SITE SCRIPTING

Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a Web Application, and the Web Application Responds back according to it. The end user’s browser has no way to know that the script should not be trusted, and will execute the script because it thinks the script came from a trusted source.
Its a OWASP TOP 10 3rd vulnerability found mostly in 80% of all dynamic websites.

Flaw of XSS

When any website takes any kind of executable input from any unauthorised visitor then we can say that website is vulnerble to xss attack.
For Example: While Shopping in Flipkart some user entering <h1>Hacked</h1> in search bar and as he hit search website understand the heading tag and executes it on main page.

TYPES OF XSS

1. Stored XSS : Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database. That is it is permanent until the database is reset or the query is manually removed.
2. Reflected XSS : Reflected attacks are those where the injected script is reflected off the web server, that means it is not storing and just reflecting the query. When the webpage will be refreshed, the XSS query will be gone. One Time Use but extracts data.
3.DOM BASED XSS Works with the document objects which works with manipulating the document objects defined in a javascript. And by this we can reverse and manipulate the functionality of a website.

document.cookie – Cookie Stealing, Session Hijacking
document.write , document.location etc.

DEMONSTRATION on LVS and DVWA

STEPS
=====

= Finding any XSS vulnerable web application, DVWA and LVS.
= Reflected XSS (LOW in DVWA, LVS)
= <script>alert(“hacked”)</script> //this will create a pop up named kartik
= Stored XSS (LOW in DVWA, LVS)
= Name : kartik Message : <script>alert(“xss vulnerability”)</script> // storing in thge Database.

= Reflected XSS (MEDIUM in DVWA, LVS)
Here <script>alert(“test”)</script> will not work. Because the source code has performed validation checks and sanitization.

Validation Check / Sanitization says > replace “<script>”

= ways to bypass XSS in medium security
1. <script> <script>
2. <script lan=eng>
3. <ScRipt>
4. <scr<script>ipt> —> <script> –> <scr ipt> –> <script>

= <ScRiPt>alert(“test”)</script>

= Cookie Stealing
To steal the cookie of the website > affecting on (document.cookie)
<ScRiPt>alert(document.cookie)</script>

————————————————————————————————————-

https://lucideustech.blogspot.in/2018/03/a-definitive-guide-to-session-hijacking.html

————————————————————————————————————

BROKEN AUTHENTICATION AND SESSION MANAGEMENT

Broken Authentication and Session Management is two different vulnereabilities. Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.
Broken Authentication leads to Weak Login Credentials a Web Application authentication check is having, and Session management leads to the exposure of sensitive Session IDs.

IRAJ LOGGED IN INTO PNB – 21071993 – fRyuT5478hFde56

Demonstration of Broken Authentication and Session Management in LVS.

Session Management Example :

pnb login > session created > sessiion id = 123545677gcccgz89

ATTACKER > steal the session id > behave like a victim and go to pnb site > session id of the attacker, he/she can change it with the viictim’s session id ie, session id=12354567789 in the same version of we browser and same enviornment.

———————————————————————————————————————————————————————-

FUNCTION on XSS high: onload , onfocus

TASK
====
1. hackertest.net
2. https://xss-game.appspot.com/

 

JavaScript Injection and XSS Attack with Examples

---