Blog : Web Security Issues XSS,Directory Traversal
May 25
Today I spent my whole day fixing some of the security issues in a newly built web application. It was interesting, and rather worth learning.

Issue No: 1 XSS (Cross Site Scripting)

The first vulnerability in my system was Cross-site Scripting (XSS), which was found on different input parameters of the web site. XSS occurs when a webpage displays user input that is not properly validated, allowing a malicious user to embed malicious scripts into the generated page and then execute the script on the machine of any user that views the page. When successful, XSS vulnerabilities can be used to manipulate or steal cookies, create requests that can be mistaken for another user's, compromise confidential information, or execute malicious code on end-user systems. You can read more about XSS at http://en.wikipedia.org/wiki/Cross-site_scripting

We used an automated scan tool to find these issues. The tool sends JavaScript code along with every parameter and checks whether it executes in the client browser, so all you can do is find the script and remove it, or stop the user from proceeding with that parameter.

How to fix it: remove script from the parameters, that's all we need to do. You can search for '<' or 'script' etc. to find the script and remove it, but someone can send a script like c%2fsCrIpT%3e%3csCrIpT%3ealert(55162)%3c%2fsCrIpT% , so we need to cover all the possible spellings. I searched for the following occurrences in all parameters:
private static String[] shouldNotAllowStringInParam = {
    // Literal and URL-encoded '<'. The original list also spelled '<' as HTML
    // entities; those entries render as the bare character and are folded in here.
    "<", "%3C",
    // Backslash-escaped forms as they appear inside a JavaScript string. In Java
    // source they need a doubled backslash: "\x3c" is not a valid Java escape, and
    // "\u003c" is turned into a plain "<" by the compiler before the string exists.
    "\\x3c", "\\x3C", "\\u003c", "\\u003C",
    ">", "%3E", "SCRIPT", ".."
};
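As an added example (not the post's own code), here is a hypothetical `ParamCheck` class for Java 11+ that applies the blocklist above to the fully decoded value of a parameter, compared case-insensitively, and pairs it with HTML output encoding. The class name, the `fullyDecode` and `htmlEncode` helpers and the sample values are my own. The blocklist stops the scanner's probe, but the check that actually prevents script from running is encoding the value for the HTML context at the point it is written into the page; that also lets legitimate input such as `O'Brien & Sons` through instead of rejecting it.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;

// Added example, not the blog's code: a blocklist check on the decoded parameter
// plus output encoding, which is the defence that neutralises script in a page.
public class ParamCheck {

    // Markers from the post, in lower case; the comparison lower-cases the input,
    // so "\x3C" and "\u003C" are covered by the entries below.
    private static final List<String> SHOULD_NOT_ALLOW = List.of(
        "<", ">", "\\x3c", "\\u003c", "script", ".."
    );

    // Decode %XX sequences until the value stops changing, so that double-encoded
    // input such as %253C is compared in its final form. The loop is bounded.
    static String fullyDecode(String value) {
        String current = value;
        for (int i = 0; i < 5; i++) {
            String decoded;
            try {
                decoded = URLDecoder.decode(current, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                break;                      // malformed %-sequence: keep what we have
            }
            if (decoded.equals(current)) {
                break;
            }
            current = decoded;
        }
        return current;
    }

    // true when the decoded parameter contains any blocked marker
    static boolean containsBlockedMarker(String rawParam) {
        String decoded = fullyDecode(rawParam).toLowerCase(Locale.ROOT);
        for (String marker : SHOULD_NOT_ALLOW) {
            if (decoded.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    // Output encoding for an HTML text or quoted-attribute context: the characters
    // that can change HTML structure become entities, so whatever survived input
    // filtering is displayed as text rather than interpreted by the browser.
    static String htmlEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values: a mixed-case encoded tag, a double-encoded
        // tag, and a legitimate name that a naive filter would wrongly reject.
        String[] samples = { "%3cScRiPt%3e", "%253Cb%253E", "O'Brien & Sons" };
        for (String s : samples) {
            System.out.printf("%-16s blocked=%-5b encoded=%s%n",
                s, containsBlockedMarker(s), htmlEncode(fullyDecode(s)));
        }
    }
}
```

Run it with `javac ParamCheck.java && java ParamCheck`. The first two samples are blocked; the third passes the filter and is emitted as `O&#x27;Brien &amp; Sons`, which a browser shows as the original text.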
Can you think of any other way of inserting script in the parameter? You can replace these occurrences with an empty string or forward the user to an error page. Comments?

Issue 2: Directory Traversal Vulnerability

The goal of this attack is to access system files that are not intended to be accessible, such as password files or system logs. You can learn more about this issue at http://en.wikipedia.org/wiki/Directory_traversal

Sometimes you need to build a screen that downloads a file from the file system, and it is tempting to put the full file path in a parameter to download it. Never do that. Keep all the downloadable files in a particular folder or its subfolders, and pass only the sub-folder path in the input parameter.
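To make that rule concrete, here is an added example (not the post's own code) of a hypothetical `resolveDownload` helper for Java 11+: the request carries only a path relative to a fixed downloads folder, the result is normalised and canonicalised, and the file is served only if it still lies inside that folder. The class name, the temporary-folder sandbox and the sample requests are constructed for the demo; it assumes the parameter arrives already URL-decoded, as it does from a servlet container.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example, not the blog's code: resolve a user-supplied relative path
// against one downloads folder and refuse anything that ends up outside it.
public class SafeDownload {

    // Returns the file to serve, or null when the request would escape baseDir
    // (".." segments, an absolute path, or a symlink pointing outside) or does
    // not name a regular file; the caller can then answer 400 or 404.
    static Path resolveDownload(Path baseDir, String requested) throws IOException {
        Path base = baseDir.toRealPath();          // canonical form, symlinks resolved
        Path candidate = base.resolve(requested).normalize();
        if (!candidate.startsWith(base)) {         // ".." or absolute path escaped
            return null;
        }
        if (!Files.isRegularFile(candidate)) {     // nothing to serve
            return null;
        }
        Path real = candidate.toRealPath();        // follow symlinks, then re-check
        if (!real.startsWith(base)) {
            return null;
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: one file inside the downloads folder, one outside it.
        Path tmp = Files.createTempDirectory("dl-demo");
        Path downloads = Files.createDirectory(tmp.resolve("downloads"));
        Files.writeString(downloads.resolve("report.pdf"), "pdf bytes");
        Files.writeString(tmp.resolve("secret.txt"), "not for download");

        String[] requests = {
            "report.pdf",          // allowed
            "sub/../report.pdf",   // normalises to report.pdf, allowed
            "../secret.txt",       // escapes the folder, rejected
            "/etc/hostname"        // absolute path, rejected
        };
        for (String r : requests) {
            Path p = resolveDownload(downloads, r);
            System.out.printf("%-20s -> %s%n", r, p == null ? "REJECTED" : p.getFileName());
        }
    }
}
```

The two `startsWith` checks are deliberate: the first catches `..` and absolute paths before touching the file system, the second catches a symlink inside the folder that points outside it. The demo leaves its temporary folder behind.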
Posted in Software on May 25 2010, 10:36 AM. 216 Views, 0 Comments, 1 Appreciations.
Tags: Web Security, XSS, Directory Traversal, Cross Site Scripting