{"id":880,"date":"2018-10-18T20:36:17","date_gmt":"2018-10-18T20:36:17","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/?p=880"},"modified":"2018-10-21T01:22:00","modified_gmt":"2018-10-21T01:22:00","slug":"owasp-security-shepherd-cross-site-scripting-one-solution-lsb-ls-blog","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/18\/owasp-security-shepherd-cross-site-scripting-one-solution-lsb-ls-blog\/","title":{"rendered":"OWASP Security Shepherd \u2013 Cross Site Scripting One Solution \u2013 LSB \u2013 ls \/blog"},"content":{"rendered":"<p>Welcome back to LSB my budding hackers. Today\u2019s lesson is about Cross-Site Scripting (or XSS). Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.<\/p>\n<p>An attacker can use XSS to send a malicious script to an unsuspecting user. The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. 
Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/xss1.png?w=900\" alt=\"xss1\" \/><\/p>\n<p>So our task today is to get an alert on the web page to show that it\u2019s vulnerable to this type of attack. On the web page we are presented with a search box, and that is all we have for this puzzle.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/xss2.png?w=900\" alt=\"xss2\" \/><\/p>\n<p>A common probe that hackers use to find out whether a page is vulnerable to XSS is the JavaScript call alert(\u201cXSS\u201d). On its own that text is just characters; it only runs if the page reflects it back inside markup the browser treats as script, so it is submitted wrapped in a script tag, for example &lt;script&gt;alert(\"XSS\")&lt;\/script&gt;. If the page is vulnerable, the browser shows us an alert dialog. Let\u2019s try it. Enter the payload in the search box and click on the Get This User button.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/xss3.png?w=900\" alt=\"xss3\" \/><\/p>\n<p>This worked the first time!<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/xss4.png?w=900\" alt=\"xss4\" \/><\/p>\n<p>Above is the alert dialog produced by injecting the JavaScript into the page.<\/p>\n<h3>How to Protect Yourself<\/h3>\n<p>The primary defenses against XSS are described in the <a href=\"https:\/\/www.owasp.org\/index.php\/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet\">OWASP XSS Prevention Cheat Sheet<\/a>.<\/p>\n<p>Also, it\u2019s crucial that you turn off HTTP TRACE support on all web servers. 
This is the Cross-Site Tracing (XST) variant: an attacker can steal cookie data via JavaScript even when the cookie is flagged HttpOnly, which normally keeps it out of document.cookie. The attack is mounted by getting a malicious script in front of another user, for example by posting it to a forum so that it runs when the victim follows the link. The script issues an asynchronous HTTP TRACE request to the site; because TRACE echoes the complete request back in the response body, including the victim\u2019s Cookie header, the script reads the cookie out of that response and sends it to a server the attacker controls, which collects the cookie so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all web servers (on Apache httpd, the TraceEnable off directive; nginx does not implement TRACE and answers it with 405). Current browsers also refuse to issue TRACE from XMLHttpRequest or fetch, so the server-side change is defence in depth rather than the only control.<\/p>\n<p>The <a href=\"https:\/\/www.owasp.org\/index.php\/ESAPI\">OWASP ESAPI project<\/a> has produced a set of reusable security components in several languages, including validation and escaping routines to prevent parameter tampering and the injection of XSS attacks. In addition, the <a href=\"https:\/\/www.owasp.org\/index.php\/Category:OWASP_WebGoat_Project\">OWASP WebGoat Project<\/a> training application has lessons on Cross-Site Scripting and data encoding.<\/p>\n<p>Thanks for reading and don\u2019t forget to like, comment and of course, follow our blog. Until next time.<\/p>\n<p>QuBits 2018-09-12<\/p>\n<p><a href=\"https:\/\/linuxsecurityblog.com\/2018\/09\/12\/owasp-security-shepherd-cross-site-scripting-one-solution-lsb\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome back to LSB my budding hackers. Today\u2019s lesson is about Cross-Site Scripting (or XSS). Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. 
XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/18\/owasp-security-shepherd-cross-site-scripting-one-solution-lsb-ls-blog\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;OWASP Security Shepherd \u2013 Cross Site Scripting One Solution \u2013 LSB \u2013 ls \/blog&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-880","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=880"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/880\/revisions"}],"predecessor-version":[{"id":1060,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/880\/revisions\/1060"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\
/wp\/v2\/tags?post=880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
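The Security Shepherd search box in the post above reflects the search term straight into the page, and the OWASP XSS Prevention Cheat Sheet the post links to prescribes context-aware output encoding as the fix. What follows is an added example, not code from the LSB post or from the Security Shepherd project: a minimal vulnerable render function in the shape the lesson exploits, beside a hardened version that encodes each interpolation for the context it lands in, run over the lesson's alert("XSS") probe and two constructed probes that target the attribute context. The page template, the probe payloads and the containsLiveScript heuristic are assumptions made for illustration; no real application is modelled.

```javascript
// Added example (not code from the LSB post or from Security Shepherd):
// a reflected-XSS search page in the vulnerable shape the lesson
// exploits, beside a hardened version applying the context-aware output
// encoding the OWASP XSS Prevention Cheat Sheet prescribes. The template
// and probe payloads are constructed for illustration; no real
// application is modelled.

// Encoder for HTML text content: the five characters that can open a tag
// or terminate a quoted attribute, mapped to entities.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};
function encodeForHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Encoder for an HTML attribute value: every non-alphanumeric code point
// becomes a numeric entity, so input cannot close the attribute even if
// a template forgets to quote it.
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    (c) => `&#x${c.codePointAt(0).toString(16)};`);
}

// Vulnerable handler: the search term is concatenated straight into the
// page, which is why <script>alert("XSS")</script> executes.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>\n` +
         `<input type="text" name="q" value="${query}">`;
}

// Hardened handler: same template, each interpolation encoded for the
// context it lands in (text node vs. attribute value).
function renderSearchSafe(query) {
  return `<p>Results for: ${encodeForHtml(query)}</p>\n` +
         `<input type="text" name="q" value="${encodeForHtmlAttribute(query)}">`;
}

// Rough check for executable script left in the rendered HTML: a raw
// <script tag, or an on*= event-handler attribute inside a tag. This is
// a demonstration heuristic, not an HTML parser.
function containsLiveScript(html) {
  return /<script\b|<\w+[^>]*\bon\w+\s*=/i.test(html);
}

// Constructed probes: the lesson's payload plus two that break out of
// the double-quoted value attribute of the input element.
const PROBES = [
  '<script>alert("XSS")</script>',
  '"><img src=x onerror=alert("XSS")>',
  '" onmouseover="alert(1)',
];

// Renders every probe through both handlers and reports which outputs
// still contain live script.
function demo() {
  return PROBES.map((probe) => {
    const vulnerable = containsLiveScript(renderSearchVulnerable(probe));
    const hardened = containsLiveScript(renderSearchSafe(probe));
    console.log(`${vulnerable ? "EXEC" : "safe"} / ${hardened ? "EXEC" : "safe"}  ${probe}`);
    return { probe, vulnerable, hardened };
  });
}

demo();
```

Running the block prints one line per probe: EXEC for the vulnerable render and safe for the hardened one in every case. The design point is that the fix is not a blacklist of dangerous strings but encoding chosen per output context: the text-node encoder leaves `onmouseover=` alone because a text node cannot execute it, while the attribute encoder neutralises the quote and equals sign that would let the payload escape the attribute.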