Tuesday, July 13, 2010

Tema de casa - continuare

In continuarea postului anterior, nu pot sa inteleg cum poti sa ceri 800 de euro pe o licenta de magazin online care e vulnerabil la atacuri XSS.

Ca nu se zica ca nu fac critica constructiva, iata de ce e bine sa ne ferim de astfel de atacuri (fragment luat de pe aceeasi pagina de wiki):


1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and stores sensitive data, such as billing information.
2. Mallory observes that Bob's website contains a reflected XSS vulnerability.
3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, enticing her to click on a link for the URL under false pretenses. This URL will point to Bob's website, but will contain Mallory's malicious code, which the website will reflect.
4. Alice visits the URL provided by Mallory while logged into Bob's website.
5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server (this is the actual XSS vulnerability). The script can be used to send Alice's session cookie to Mallory. Mallory can then use the session cookie to steal sensitive information available to Alice (authentication credentials, billing info, etc.) without Alice's knowledge.