Systematic XSS exploitation

Monday, July 27, 2009
Aureliano Calvo
Corelabs Technical Report

Cross-site scripting (XSS) vulnerabilities are usually overlooked and their impact is typically underestimated because their analysis requires security skills that testers and developers often lack. In this paper I introduce a tool that decouples exploitation from post-exploitation. The tool turns an XSS vulnerability into a machine that receives payloads with post-exploitation actions written against a generic API, thereby allowing the full potential of the vulnerability to be assessed. In particular, I show how exploited pages can be used as vantage points for other kinds of attacks, such as exploitation of binary vulnerabilities and malware distribution. I also include full details of how the tool works and code for its critical functions.

Related information

Projects
XSS Agent | Zombie 2.0: A web-application attack model

Publications

alert('A javascript agent') | Automated SQL Ownage Techniques (OWASP) | Automated SQL Ownage Techniques (CanSec)