Hack the Hacker - Cross Site Scripting (XSS)


What is XSS or Cross Site Scripting?

It is a technique in which an attacker gets you to click a link to a trusted site that carries malicious parameters, and is thereby able to deliver and execute JavaScript in your browser.

The technique uses JavaScript as the tool for stealing site-specific personal information (security context, cookies) from your browser; the injected script could also render content from some other site, or even redirect you to another site.

Scenario 1 -

Suppose somebody asks you to open a URL with JavaScript in it, such as:
www.trustedSite.com/someAction?parameter=<Script>Alert(123)</Script>

and suppose the site simply dumps the received request parameter into the response page. The response page will then contain <Script>Alert(123)</Script>, and you will see an alert from the "trusted site".

An alert is harmless, but what if the script instead silently redirected you to a malicious site, or posted information copied from your cookie or session? You might believe the trusted site did this, because you keep seeing the trusted site's domain in the URL.
 
Scenario 2 -

Now suppose you hit a similar URL that posts a form value, and the JavaScript is stored as your first name in the trusted site's database. Every time you log in to the site, the script is rendered back to you and the same situation as above arises. You no longer need to hit the malicious URL again and again; with each login you are inside the attacker's trap.

The problem with this technique is that, although you initiated it by clicking the malicious URL, the script is rendered back to you by the trusted site itself, so your browser allows it access to cookies and the like, believing it is a trusted page from the trusted site. The technique therefore only succeeds if the trusted site is vulnerable to such an attack.

What if the trusted site had identified the URL as malicious and rejected it?

XSS Attack Protection

Trusted sites have to protect themselves from such attacks, as you cannot educate everyone not to click malicious URLs. One good approach is to filter URLs and URL parameters before they are rendered back to the client. They can be filtered using web filters, JSTL tags (which escape HTML), filtering in JSPs, etc.
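As an added example (not code from the original post), here is a minimal Python model of the vulnerable rendering from Scenario 1 beside the escaped rendering this section recommends, with the same escaping applied to the stored value from Scenario 2. The sample URL, page template and profile row are constructed for illustration.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed sample URL, modelled on the one in Scenario 1.
SAMPLE_URL = "www.trustedSite.com/someAction?parameter=<Script>Alert(123)</Script>"


def get_parameter(url: str, name: str) -> str:
    """Pull one query-string parameter out of a URL (first value wins)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_unsafe(value: str) -> str:
    """Vulnerable: the raw parameter is dumped into the HTML response,
    so a <script> element in it becomes part of the page markup."""
    return f"<html><body><p>You entered: {value}</p></body></html>"


def render_safe(value: str) -> str:
    """Hardened: escape HTML metacharacters at output time, so '<' becomes
    '&lt;' and the browser treats the value as text rather than markup."""
    return f"<html><body><p>You entered: {escape(value, quote=True)}</p></body></html>"


def contains_script_tag(page: str) -> bool:
    """Crude check: does the rendered page still carry a <script> element?"""
    return "<script" in page.lower()


# Scenario 2 (stored XSS) is the same defect at a different point in time:
# the value arrives from the database instead of the URL, but escaping at
# output time neutralises both cases. Constructed database row:
STORED_PROFILE = {"first_name": "<Script>Alert(123)</Script>"}


def render_profile_safe(profile: dict) -> str:
    """Render a stored field with the same output-time escaping."""
    return f"<p>Welcome, {escape(profile['first_name'], quote=True)}</p>"


if __name__ == "__main__":
    param = get_parameter(SAMPLE_URL, "parameter")
    print("unsafe:", render_unsafe(param))
    print("safe:  ", render_safe(param))
    print("stored:", render_profile_safe(STORED_PROFILE))
```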

Even browsers have started shipping XSS protection, i.e. they will not execute a script that they consider suspicious.

Three levels of protection to counter an XSS attack -

1. Users should not click malicious URLs.
2. Trusted sites should immunise themselves against such attacks by filtering URLs and parameters.
3. Browsers should be smart enough to recognise an XSS attack and block the script.