
Tuesday, August 28, 2007

Don't Eat My Cookie

Uhmmm, will you guys understand if I start writing about XSS? If you understand, good; if you don't, great, as it tells me that you have many other things in your life to worry about than mere security on a web site. But in order to understand what I'm writing here, you have to know a little about XSS, Cross Site Scripting.

XSS, in simple terms, is a computer security vulnerability found in web applications that lets the bad guys inject code (usually JavaScript) into a page, where it runs in the visitor's browser as if the site itself had written it. The bugs can be exploited to craft powerful phishing attacks, including stealing credentials and session cookies.

Why am I writing about this? Yesterday I found a couple of XSSes in two big Indian web sites, Rediff and MouthShut. I reported the vulnerability to MouthShut, but not to rediff (sorry rediff, I hate you). The screenshot below is the XSS in MouthShut. If they have fixed it, you can still see it here.

As I hate rediff and didn't report it to them, I don't want to post about rediff's XSS. But you can see for yourself that rediff is STUPID by giving some weird chars (hint: the vulgar fraction, for ½-brained rediff) as input in its search box.
</grr_replace>
<gr_replace lines="15" cat="clarify" orig="So, how do">
So, how do you escape from such attacks? See my last post. Fire up your fox with NoScript. It saves you from the bad guys of this world. Keep in mind, though, that NoScript only protects you as a visitor; the bug itself goes away only when the site encodes what it echoes back into the page.

So, how do you escape from such kind of attacks ??? See my last post. Fire-up your fox with NoScript. It saves you from bad guys of this world.

2 responses:

Go Karts! said...

It's kind of strange that it reveals itself as XSS.. forgive me if it's obvious but what other things did you look for to confirm it as XSS?

K said...

Here, I injected a script which will alert the word XSS to prove that there is an XSS.

A bad guy can inject a script which can steal the cookie (document.cookie) from the authenticated user, or redirect him to some other malicious site, etc etc. After all, he can do whatever javascript allows.

I would just look at whether the programmer is correctly filtering my input or not :-)


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.

I'm not a lawyer to tell this in a perfect framed sentence. Frame it by yourself if you are so concerned.
Don't think about the content of this blog. Every byte is owned by its rightful owner.
Rest © 2006-2007 Karteek