Over the course of the last couple of days, I’ve been heavily attacking various file upload facilities including but not only embedded devices configuration and firmware upload interface. Some of the setups, I’ve encountered, were pretty secure while others where quite easy to hack into. And this is how I came up with a technique for performing remote file upload attack via a third-party entity such as an authorized user. [...]
XSS is the New Buffer Overflow, JavaScript Malware is the New Shell Code.
XSS Attacks – Cross Site Scripting Exploits and Defence is a book project that I was involved into, together with Jeremiah Grossman, Robert RSnake Hansen, Anton Rager and last but not least, Seth Forgie – technical editor and coauthor. I must say, that the project was a lot of fun mashed with hard work and numerous sleepless nights. [...]
It is probably about time to announce that I am one of the authors of the XSS Book, RSnake talked about a month ago on his blog. The complete list of authors is: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko Petkov (a.k.a me).
The book is going quite well and I hope that it will provide a good starting point for those who are interested in getting into client-side web security but don’t know much about it. [...]
I was thinking about alternative ways of exploiting the browser without going through the process of finding overflows or other common vulnerabilities. The first most obvious thing I come across is exploiting the user space plugins. There are many reasons why attackers might go for this type of targets, one of which is that plugins are often not written with security in mind.
Let’s have a look at Firefox extensions security implications. [...]
In order to perform browser based attacks, JavaScript is most definitely required with a number of restrictions of course. Flash 7 has the flexibility to perform cross domain requests without restrictions, however this is sort of fixed in Flash Player 8. Java applets are quite the same in that respect. In certain situations it might be possible to trick the browser into doing what ever you want, but this is a different story. [...]
Since there is a growing interest in XSS (Cross-site Scripting) attacks, I will try to put in theory how border routers/gateways can be trivially compromised over the web. For the purpose of this, three prerequisites need to be met: a page that is controlled by the attacker, lets call it evil.com; border router vulnerable to XSS; user attending evil.com. [...]
test your web apps with websecurify application security testing runtime