Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

24 September 2005

Cross Site Scripting - XSS

Ok, I cannot find any good definition on XSS, so let me write my own one instead.
*** FIXME *** Cross Site Scripting (XSS): Is one of code injection attacks where the attacker inserts some code (or data in general) in a web server in order for that web server (or the victim's web browser) to show or execute that inserted data. *** FIXME ***.
There are three different types of XSS attacks according to wikipedia; however I am going to talk about the third type (Type number 2) here as it is the most interesting and dangerous.

Imagine a web forum where different users can post articles and comments etc. So an attacker can forge his post to contain some HTML tags or JavaScript in stead of clear text. So the result will be the execution of that HTML tags or JavaScript in the other forum visitors' browsers. This can be some HTML tag to redirect users to his own web page, or a JavaScript that can display an annoying message, steal the users session-ID (their logging to that forum), pop-up some window asking them about some info and then sending this info (like credit card number, email address, etc.) to some remote location.

This attack is not limited to web forums only as it can target any sites that takes input from users and displays this input later like blog comments, movies reviews, online web chatting systems, online computer games, etc. Emails can also carry such attacks but it may be called phishing, or Email fraud then.

Many solutions have been used in order to stop such attacks like disabling HTML tags or converting them to normal text before displaying them. Some forums use their own limited tags like [link:""] or [b] and [/b] etc.