Java Script
JavaScript
is the programming language of the web. It's one of the most popular and in
demand skills in today's job market for good reason. JavaScript enables you to
add powerful interactions to websites
A
Scripting Language understood by the browser.
JS
is embedded in HTML Pages
The
Browser RUNS the js instead of displaying it
The tags.
Event Handler
When JavaScript is used in HTML pages, JavaScript can "react" on
these events.
When
the page loads, it is called an event. When the user clicks a button, that
click too is an event. Other examples include events like pressing any key,
closing a window, resizing a window, etc.
Onload
Basically
java script uses onload function to load an object on any web page. For example
I want to generate an alert for user those who visit my website; I will give the
following JavaScript code.
So
whenever the body tag loads, an alert will pop up with following text Welcome to
Hacking Articles for the visitors. Here the loading of the
body tag is an event or a happening and onload is an event handler which decides what
will action will happen on that event.
Similarly, there are many JavaScript event handlers which define what event occurs for such type of action like scroll down of page, or when an image fails to load etc.
Onmouseover
Onmouseover,
when the user moves his cursor over the text, the additional code will be
executed. For example let understand following code:
Now
when user moves his cursor over the surprise the displayed text on the page, an
alert box will pop up with 50% discount.
onclick:
|
Use this to invoke JavaScript upon clicking (a link, or form
boxes)
|
onload:
|
Use this to invoke
JavaScript after the page or an image has finished loading
|
onmouseover
|
Use this to invoke
JavaScript if the mouse passes by some link
|
onmouseout
|
Use this to invoke JavaScript if the mouse goes pass some link
|
onunload
|
Use this to invoke
JavaScript right after someone leaves this page.
|
Cross Site Scripting (XSS)
XSS
is listed as top third web application security risk in the OWASP to top 10
risk model 2017.
Cross-site
scripting (XSS) is a flaw in a web application that allows an attacker to
execute malicious JavaScript through code injection attack in another victim's
browser.
In
this attack user is not directly targeted through a payload, although attacker
shoot the XSS vulnerability by inserting malicious script into a web page that appears
to be a genuine part of the website to the users, whenever any user visit that
website it will automatically send the malicious JavaScript code in his browser
without his knowledge.
Let’s take an example that
following code is XSS vulnerable, an attacker may possibly present a history
that holds a malicious payload such as
Print
""
Print "
Recent History
"
Print request.Recent
History print "
Users
visiting the web page will get the following HTML page without his knowledge.
Recent History
There are actually three
types of Cross-Site Scripting, commonly named as:
·
Persistent XSS
·
Non-persistent XSS
·
DOM-Based XSS
Persistent
A
persistent XSS also known as stored XSS because through this vulnerability the injected
malicious script get permanently stored inside the webserver and the
application server give out it back to the user when he visits the respective
website. Hence when the client will click on payload which appears as an
official part of the website, the injected JavaScript will get execute by the
browser. The most common
example is comment option on blogs, which allow the users to POST their comment
for administer or other user.
Persistent
XSS is considered more dangerous because the malicious payload is stored inside
web server as the more visitors will interact with the website will result into
more XSS infected user. Attack does not require phishing technique to target
its users.
Example:
An example of a web
application vulnerable to stored XSS as shown in the screenshot.
This JavaScript gets stored
in the database of the web application and gets executed on the victim's
browser, which capture the cookie and send it to the attacker.
Read complete article from
here
Non-Persistent
The non-persistent XSS is
also known as reflected XSS is occurs when the web application respond
immediately on user’s input without validating the inputs this lead an attacker to injects browser executable code inside the
single HTML response. It’s named as “non-persistent” since the malicious
script does not get stored inside the web server, therefore attacker will send
the malicious link through phishing to trap the user.
The
most common applying of this kind of vulnerability is in Search engines in
website: the attacker writes some arbitrary HTML code in the search textbox
and, if the website is vulnerable, the result page will return the result of
these HTML entities.
Example:
An example of a web
application vulnerable to reflected XSS as shown in the screenshot.
It is also known as type 1 because this attack is carried
out through single request/response then gets executed on the victim's browser,
and will prompt an alert “hellllooo” to his browser.
Read complete article from
here
DOM-Based:
The Document Object
Model (DOM) is an API
that increases the skill of programmers or developers to produce and
change HTML and XML documents as
programming objects.
The JavaScript language is
used in DOM, which is also used for other websites. Through JavaScript it allows
programmer to make the dynamic changes in HTML document can be accessed, modify, deleted, or added using
the DOM.
When an HTML document is
loaded into a web browser, it becomes a document object.
The
document object is the root node of the HTML document and the "owner"
of all other nodes
The HTML DOM model is
constructed as a tree of Objects
With the object model,
JavaScript gets all the power it needs to create dynamic HTML:
·
JavaScript can
change all the HTML elements in the page
·
JavaScript can
change all the HTML attributes in the page
·
JavaScript can
change all the CSS styles in the page
·
JavaScript can
remove existing HTML elements and attributes
·
JavaScript can
add new HTML elements and attributes
·
JavaScript can
react to all existing HTML events in the page
·
JavaScript can
create new HTML events in the page
The DOM-Based Cross-Site Scripting
is vulnerability which appears in document object model instead of html page. An
attacker is not allowed to execute malicious script on the user’s website although
on his local machine in URL, it is quite different from reflected and XSS
because in this attack developer cannot able to find malicious script in HTML
source code as well as in HTML response, it can be observed at execution time.
The DOM-Based XSS exploits
these problems on user’s local machines in this way:
– The attacker creates a well
built malicious website
– The ingenious user opens that sites
– The user has a vulnerable page on his machine
– The attacker’s website sends commands to the vulnerable HTML page
– The vulnerable local page execute that commands with the user’s privileges on that machine.
– The attacker easily gain control on the victim computer.
– The ingenious user opens that sites
– The user has a vulnerable page on his machine
– The attacker’s website sends commands to the vulnerable HTML page
– The vulnerable local page execute that commands with the user’s privileges on that machine.
– The attacker easily gain control on the victim computer.
Example:
The following screenshot
is an example of a web application server that is affect with DOM based XSS
attack. The web application let you to choose the following language and will
execute through URL.
Attacker will add
malicious script inside URL
http://localhost:81/dvwa/vulnerabilities/xss_d/?default=English#
The major difference
between DOM XSS and Reflected or Stored XSS flaw is that it cannot be stopped
by server-side filters because anything written after the "#"
(hash) will never forward to the server.
0 comments:
Post a Comment