Cross-Site Scripting
Detected by Syhunt: Yes (Dynamic, Code)
Type: Injection Flaw
Also Known As: XSS, CSS
CWE: 79
Many web sites contain flaws that allow remote cross-site scripting attacks (also known as XSS or CSS). XSS flaws exist because applications fail to validate input upon submission. A XSS flaw can allow attackers to create specially crafted URLs that can execute arbitrary code in a user's browser within the trust relationship between the browser and server, leading to loss of integrity.
Resources
- XSS (Cross-Site Scripting) Prevention Cheat Sheet
- Ways to Prevent XSS - Software Testing Help
- How to prevent XSS with HTML/PHP - Stack Overflow
- Cross-Site Scripting (XSS) - InfoSec Institute
- Cross-Site Scripting - OWASP
- Understanding cross site scripting (XSS) attacks - GoDaddy
Examples of vulnerable code
Below you can find very basic examples of XSS vulnerabilities.
PHP
<? echo($_GET['name']); // XSS 1 echo($_POST['name']); // XSS 2 echo($_REQUEST['name']); // XSS 3 ?>
Syhunt scan results for this example code:
Found: 3 vulnerabilities In /xss_basic.php (source code, locally), on line 2: Possible XSS Vulnerability In /xss_basic.php (source code, locally), on line 3: Possible XSS Vulnerability In /xss_basic.php (source code, locally), on line 4: Possible XSS Vulnerability
See: Vulnerable PHP Code for more examples
ASP
ASP.NET/Classic ASP
<% Response.Write(Request.Form["name"]); Response.Write(Request.QueryString["name"]); %>
Syhunt scan results for this example code:
Found: 3 vulnerabilities In /xss.aspx (source code, locally), on line 2: Possible XSS Vulnerability In /xss.aspx (source code, locally), on line 3: Possible XSS Vulnerability
ASP.NET
<%@ Page Language="C#"%> <script runat="server"> void SubmitBtn _Click(object sender, EventArgs e) { Response.Write(InputText.Text); } </script> <html> <body> <form id="form1" runat="server"> <asp:TextBox ID="InputText" Runat="server" TextMode="MultiLine" Width="300px" Height="150px"> </asp:TextBox> <asp:Button ID="SubmitBtn" Runat="server" Text="Submit" OnClick="SubmitBtn _Click"/> </form> </body> </html>
Syhunt scan results for this example code:
Found: 1 vulnerability In /xss_runatsrv.aspx (source code, locally), on line 4: Possible XSS Vulnerability
JSP
<%@ page import="java.util.*,java.io.*"%> <% out.println(request.getParameter("name")); %>
LP (Lua Pages)
<?lua cgilua.put(cgilua.QUERY.name) cgilua.put(cgilua.POST.name) ?>
Lua
cgilua.htmlheader() cgilua.put(cgilua.QUERY.name) cgilua.put(cgilua.POST.name)
Links For Pen-Testers
Cheat Sheets
Page last modified on December 31, 2018, at 02:51 PM