SlideShare uma empresa Scribd logo

Blind xss

Ronan Dunne, CEH, SSCP
Ronan Dunne, CEH, SSCP

Researcher : Adam Baldwin Conference Presented : DEFCON 20 Flavor of cross site scripting, where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a database, or in a log file).

Tecnologia
1 de 12
• Researcher : Adam Baldwin • Conference Presented :DEFCON 20
• Reflected • Persistent (stored) • DOM
• It is a flavor of cross site scripting, where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a database, or in a log file). • Then without knowing where the payloads have ended up, or if they are going to be executed, the attacker waits for the payloads to be pulled out of storage and rendered on a web page loaded by a user. • In-fact it would be BLIND-STORED XSS.
• Persistent type of XSS that relies on vulnerabilities in the code of the target web pages, which allow malicious scripts, inserted into web controls, to be saved by the server in a database or web site file. • These are then “served” to other users as part of HTML page responses, without begin “sanitized” first.
• Payload gets sent to a database and all input in application are been stored somewhere and it going to be used by different tools. • Also going to be used in different contexts by different developers. • Could be minutes, days, months and even years when it executes (if it executes).... • Historical data. Good example would be chat sites etc... • Admin might think something is fishy with a users account, so the Admin could go back an look at the account - opened the database, opened the profile and rendered the payload in the page an call the XSS back to the attacker. • Targets: Log Viewers, Exception Handlers. Anywhere that an Admin or Owner can go back an view old records.
Link to tutorial • Demonstration that Adam Baldwin did at DEFCON 20 using xss.io to identify blind xss vectors, quickly build reusable exploits and use the referrer redirect feature to shorten payload length. • http://vimeo.com/46897322
• Don't mind me, I'm just going to hang out for a few decades until a programmer makes a mistake – But the fact is "Programmers will make the mistake"! • Some people previously called this unverified XSS and then explain how it can be verified through looking trough the Logs. • At the end of day the vulnerability is BLIND.
• Code Review and ensure that any user input is properly sanitized. – If this is not done, there is a risk that user input does not get scraped of any scripting tags before being saved to storage or served to the user’s browser. • Never trust data provided.

Recomendados

ASP.NET View State - Security Issues
ASP.NET View State - Security IssuesASP.NET View State - Security Issues
ASP.NET View State - Security Issues
Ronan Dunne, CEH, SSCP
 
Cross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload VulnerabilityCross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload Vulnerability
Ronan Dunne, CEH, SSCP
 
Apache Multiview Vulnerability
Apache Multiview VulnerabilityApache Multiview Vulnerability
Apache Multiview Vulnerability
Ronan Dunne, CEH, SSCP
 
Web fundamentals - part 1
Web fundamentals - part 1Web fundamentals - part 1
Web fundamentals - part 1
Bozhidar Boshnakov
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2
Aditya Kamat
 
Web Fundamentals
Web FundamentalsWeb Fundamentals
Web Fundamentals
arunv
 
Unicode
UnicodeUnicode
Unicode
Ronan Dunne, CEH, SSCP
 
Automatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPressAutomatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPress
Fresh Consulting
 

Recomendados

ASP.NET View State - Security Issues
ASP.NET View State - Security IssuesASP.NET View State - Security Issues
ASP.NET View State - Security Issues
Ronan Dunne, CEH, SSCP
 
Cross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload VulnerabilityCross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload Vulnerability
Ronan Dunne, CEH, SSCP
 
Apache Multiview Vulnerability
Apache Multiview VulnerabilityApache Multiview Vulnerability
Apache Multiview Vulnerability
Ronan Dunne, CEH, SSCP
 
Web fundamentals - part 1
Web fundamentals - part 1Web fundamentals - part 1
Web fundamentals - part 1
Bozhidar Boshnakov
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2
Aditya Kamat
 
Web Fundamentals
Web FundamentalsWeb Fundamentals
Web Fundamentals
arunv
 
Unicode
UnicodeUnicode
Unicode
Ronan Dunne, CEH, SSCP
 
Automatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPressAutomatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPress
Fresh Consulting
 
Web Hacking Series Part 1
Web Hacking Series Part 1Web Hacking Series Part 1
Web Hacking Series Part 1
Aditya Kamat
 
Java - ServletListeners
Java - ServletListenersJava - ServletListeners
Java - ServletListeners
Nitin Sharma
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack Presentation
Khoa Nguyen
 
Securing Your WordPress Website
Securing Your WordPress WebsiteSecuring Your WordPress Website
Securing Your WordPress Website
RightMix Technologies LLP
 
Web development tips and tricks
Web development tips and tricksWeb development tips and tricks
Web development tips and tricks
maxo_64
 
What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)
Amit Nirala
 
Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2
sandeep54552
 
At Your Service - Abusing the Service Workers Web API
At Your Service - Abusing the Service Workers Web APIAt Your Service - Abusing the Service Workers Web API
At Your Service - Abusing the Service Workers Web API
Daniel Abeles
 
Architecture Best Practices
Architecture Best PracticesArchitecture Best Practices
Architecture Best Practices
AWS Germany
 
Web servers
Web serversWeb servers
Web servers
webhostingguy
 
Php & web server performace
Php & web server performacePhp & web server performace
Php & web server performace
Tuyển Đoàn
 
Web server and web-hosting
Web server and web-hostingWeb server and web-hosting
Web server and web-hosting
AK DigiHub
 
How to adapt MicroProfile API for generic Web applications
How to adapt MicroProfile API for generic Web applicationsHow to adapt MicroProfile API for generic Web applications
How to adapt MicroProfile API for generic Web applications
Kenji HASUNUMA
 
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
Jan Löffler
 
Web Cache Poisoning
Web Cache PoisoningWeb Cache Poisoning
Web Cache Poisoning
KuldeepPandya5
 
File uploads
File uploadsFile uploads
File uploads
penetration Tester
 
Proxy server
Proxy serverProxy server
Proxy server
Dlovan Salih
 
Web programming
Web programmingWeb programming
Web programming
Ishucs
 
SSL and Wordpress
SSL and WordpressSSL and Wordpress
SSL and Wordpress
Peg Perry
 
Secure Mashups
Secure MashupsSecure Mashups
Secure Mashups
kriszyp
 
Click jacking
Click jackingClick jacking
Click jacking
Ronan Dunne, CEH, SSCP
 
Mime sniffing
Mime sniffingMime sniffing
Mime sniffing
Ronan Dunne, CEH, SSCP
 

Mais conteúdo relacionado

Mais procurados

Web development tips and tricks
Web development tips and tricksWeb development tips and tricks
Web development tips and tricks
maxo_64
 
Php & web server performace
Php & web server performacePhp & web server performace
Php & web server performace
Tuyển Đoàn
 
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
Jan Löffler
 
Secure Mashups
Secure MashupsSecure Mashups
Secure Mashups
kriszyp
 

Mais procurados (20)

Web Hacking Series Part 1
Web Hacking Series Part 1Web Hacking Series Part 1
Web Hacking Series Part 1
 
Java - ServletListeners
Java - ServletListenersJava - ServletListeners
Java - ServletListeners
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack Presentation
 
Securing Your WordPress Website
Securing Your WordPress WebsiteSecuring Your WordPress Website
Securing Your WordPress Website
 
Web development tips and tricks
Web development tips and tricksWeb development tips and tricks
Web development tips and tricks
 
What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)
 
Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2
 
At Your Service - Abusing the Service Workers Web API
At Your Service - Abusing the Service Workers Web APIAt Your Service - Abusing the Service Workers Web API
At Your Service - Abusing the Service Workers Web API
 
Architecture Best Practices
Architecture Best PracticesArchitecture Best Practices
Architecture Best Practices
 
Web servers
Web serversWeb servers
Web servers
 
Php & web server performace
Php & web server performacePhp & web server performace
Php & web server performace
 
Web server and web-hosting
Web server and web-hostingWeb server and web-hosting
Web server and web-hosting
 
How to adapt MicroProfile API for generic Web applications
How to adapt MicroProfile API for generic Web applicationsHow to adapt MicroProfile API for generic Web applications
How to adapt MicroProfile API for generic Web applications
 
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
The WordPress Hosting experience - Bought cheaply and paid dearly? - Jan Löf...
 
Web Cache Poisoning
Web Cache PoisoningWeb Cache Poisoning
Web Cache Poisoning
 
File uploads
File uploadsFile uploads
File uploads
 
Proxy server
Proxy serverProxy server
Proxy server
 
Web programming
Web programmingWeb programming
Web programming
 
SSL and Wordpress
SSL and WordpressSSL and Wordpress
SSL and Wordpress
 
Secure Mashups
Secure MashupsSecure Mashups
Secure Mashups
 

Destaque

Destaque (20)

Click jacking
Click jackingClick jacking
Click jacking
 
Mime sniffing
Mime sniffingMime sniffing
Mime sniffing
 
Content security policy
Content security policyContent security policy
Content security policy
 
Cross site scripting XSS
Cross site scripting XSSCross site scripting XSS
Cross site scripting XSS
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installation
 
Qr codes
Qr codesQr codes
Qr codes
 
Blind XSS
Blind XSSBlind XSS
Blind XSS
 
Error codes & custom 404s
Error codes & custom 404sError codes & custom 404s
Error codes & custom 404s
 
Jon Gorenflo - Burp Collaborator
Jon Gorenflo - Burp CollaboratorJon Gorenflo - Burp Collaborator
Jon Gorenflo - Burp Collaborator
 
Web-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting EnginesWeb-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting Engines
 
Automated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection AttacksAutomated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection Attacks
 
File upload vulnerabilities & mitigation
File upload vulnerabilities & mitigationFile upload vulnerabilities & mitigation
File upload vulnerabilities & mitigation
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackrose
 
Kali Linux Installation - VMware
Kali Linux Installation - VMwareKali Linux Installation - VMware
Kali Linux Installation - VMware
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
XML Attack Surface - Pierre Ernst (OWASP Ottawa)
XML Attack Surface - Pierre Ernst (OWASP Ottawa)XML Attack Surface - Pierre Ernst (OWASP Ottawa)
XML Attack Surface - Pierre Ernst (OWASP Ottawa)
 
SSRF workshop
SSRF workshop SSRF workshop
SSRF workshop
 
XML & XPath Injections
XML & XPath InjectionsXML & XPath Injections
XML & XPath Injections
 
Bypass file upload restrictions
Bypass file upload restrictionsBypass file upload restrictions
Bypass file upload restrictions
 
Xml external entities [xxe]
Xml external entities [xxe]Xml external entities [xxe]
Xml external entities [xxe]
 

Semelhante a Blind xss

Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
Jeremiah Grossman
 
Continuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docxContinuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docx
richardnorman90310
 
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptxA Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
Gitam Gadtaula
 
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
nooralmousa
 
BSides Cleveland: Active Defense - Helping threat actors hack themselves!
BSides Cleveland: Active Defense - Helping threat actors hack themselves!BSides Cleveland: Active Defense - Helping threat actors hack themselves!
BSides Cleveland: Active Defense - Helping threat actors hack themselves!
ThreatReel Podcast
 
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
ThreatReel Podcast
 
Watch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty ResultsWatch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty Results
jtmelton
 

Semelhante a Blind xss (20)

How to Ensure You're Launching the Most Secure Website - Michael Tremante
How to Ensure You're Launching the Most Secure Website - Michael TremanteHow to Ensure You're Launching the Most Secure Website - Michael Tremante
How to Ensure You're Launching the Most Secure Website - Michael Tremante
 
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site ScriptingCNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
 
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site ScriptingCNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
 
Ch 12 Attacking Users - XSS
Ch 12 Attacking Users - XSSCh 12 Attacking Users - XSS
Ch 12 Attacking Users - XSS
 
Continuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docxContinuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docx
 
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptxA Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
XSS Injection Vulnerabilities
XSS Injection VulnerabilitiesXSS Injection Vulnerabilities
XSS Injection Vulnerabilities
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?
 
OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web security
 
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
 
Case Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultCase Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by Default
 
BSides Cleveland: Active Defense - Helping threat actors hack themselves!
BSides Cleveland: Active Defense - Helping threat actors hack themselves!BSides Cleveland: Active Defense - Helping threat actors hack themselves!
BSides Cleveland: Active Defense - Helping threat actors hack themselves!
 
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
 
Watch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty ResultsWatch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty Results
 
Django (Web Applications that are Secure by Default)
Django �(Web Applications that are Secure by Default�)Django �(Web Applications that are Secure by Default�)
Django (Web Applications that are Secure by Default)
 
4.Xss
4.Xss4.Xss
4.Xss
 

Último

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Último (20)

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

Blind xss

  • 1.
  • 2.
  • 3. • Researcher : Adam Baldwin • Conference Presented :DEFCON 20
  • 4. • Reflected • Persistent (stored) • DOM
  • 5.
  • 6. • It is a flavor of cross site scripting, where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a database, or in a log file). • Then without knowing where the payloads have ended up, or if they are going to be executed, the attacker waits for the payloads to be pulled out of storage and rendered on a web page loaded by a user. • In-fact it would be BLIND-STORED XSS.
  • 7.
  • 8. • Persistent type of XSS that relies on vulnerabilities in the code of the target web pages, which allow malicious scripts, inserted into web controls, to be saved by the server in a database or web site file. • These are then “served” to other users as part of HTML page responses, without begin “sanitized” first.
  • 9. • Payload gets sent to a database and all input in application are been stored somewhere and it going to be used by different tools. • Also going to be used in different contexts by different developers. • Could be minutes, days, months and even years when it executes (if it executes).... • Historical data. Good example would be chat sites etc... • Admin might think something is fishy with a users account, so the Admin could go back an look at the account - opened the database, opened the profile and rendered the payload in the page an call the XSS back to the attacker. • Targets: Log Viewers, Exception Handlers. Anywhere that an Admin or Owner can go back an view old records.
  • 10. Link to tutorial • Demonstration that Adam Baldwin did at DEFCON 20 using xss.io to identify blind xss vectors, quickly build reusable exploits and use the referrer redirect feature to shorten payload length. • http://vimeo.com/46897322
  • 11. • Don't mind me, I'm just going to hang out for a few decades until a programmer makes a mistake – But the fact is "Programmers will make the mistake"! • Some people previously called this unverified XSS and then explain how it can be verified through looking trough the Logs. • At the end of day the vulnerability is BLIND.
  • 12. • Code Review and ensure that any user input is properly sanitized. – If this is not done, there is a risk that user input does not get scraped of any scripting tags before being saved to storage or served to the user’s browser. • Never trust data provided.