Even More XSS Worms

This morning I spotted several blog posts mentioning that Twitter has been hit by yet another XSS worm.

There is no merit in discussing how this has been done and for what purposes, but this incident is yet more proof that the attack landscape is rapidly changing and moving towards web-enabled infrastructures and the client-side. [...]

posted by pdp

New Terminology

For my Black Hat talk I had to come up with some made-up terms in order to find sensible enough categories in which my material actually fits. So, I will put them all up here for feedback from the audience.

Cross-context Request Forgery

CCRF (Cross-context Request Forgery) is the generalized form of CSRF (Cross-site Request Forgery). Although the general notion is that CSRF only applies to site-to-site types of attacks, the reality is very different. [...]

WiFi Infestations – Viral Wardriving

WiFi networks are a necessary evil. In this post I would like to briefly highlight some ideas on the potential damage that can be caused when attackers combine automated viral-like attacks with human power. This post is largely related to the WiFi worms topic that was quite present among all media outlets at the beginning of 2008. [...]

The Pownce Worm (Yet Another Potential AJAX Worm)

First of all I need to let you know that it is not within our practice to disclose vulnerabilities on specific online applications. However, given the fact that Pownce, the vendor, was responsibly informed and the fact that we believe that the issue is interesting enough to be discussed, we’ve decided to let you know about our findings. [...]

XSS Attacks – Cross Site Scripting Exploits and Defence

XSS is the New Buffer Overflow, JavaScript Malware is the New Shell Code.

XSS Attacks – Cross Site Scripting Exploits and Defence is a book project that I was involved in, together with Jeremiah Grossman, Robert "RSnake" Hansen, Anton Rager and last but not least, Seth Fogie – technical editor and coauthor. I must say that the project was a lot of fun mashed with hard work and numerous sleepless nights. [...]

Author of the XSS Book

It is probably about time to announce that I am one of the authors of the XSS Book that RSnake talked about a month ago on his blog. The complete list of authors is: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko Petkov (a.k.a. me).

The book is going quite well and I hope that it will provide a good starting point for those who are interested in getting into client-side web security but don’t know much about it. [...]

Cross Context Scripting

I was thinking about alternative ways of exploiting the browser without going through the process of finding overflows or other common vulnerabilities. The first, most obvious thing I came across is exploiting user-space plugins. There are many reasons why attackers might go for this type of target, one of which is that plugins are often not written with security in mind.

Let’s have a look at the security implications of Firefox extensions. [...]

XSSing the Lan 2

In order to perform browser-based attacks, JavaScript is most definitely required, with a number of restrictions of course. Flash 7 has the flexibility to perform cross-domain requests without restrictions; however, this is sort of fixed in Flash Player 8. Java applets are quite the same in that respect. In certain situations it might be possible to trick the browser into doing whatever you want, but this is a different story. [...]

XSSing the Lan

Since there is a growing interest in XSS (Cross-site Scripting) attacks, I will try to put in theory how border routers/gateways can be trivially compromised over the web. For the purpose of this, three prerequisites need to be met: a page that is controlled by the attacker, let's call it evil.com; a border router vulnerable to XSS; and a user visiting evil.com. [...]
