Transparency
Par Cédric PERNET, mercredi 6 février 2008 à 12:01 :: General :: #209 :: rss
If you're dealing with web server security, you might already know the XSSED website. It is focused on providing XSS vulnerabilities found on web servers, information that are provided by numerous contributors only identified by their nicknames. If you don't know what an XSS (also known as Cross-site Scripting) vulnerability is, I'll try making it short.
First, I should say this kind of vulnerability is one of the most basic (with SQL Injection) and common that you can find on web servers. It consists of "injecting" javascript and/or html into a web server. It is mainly done by adding specific data into the usual URL.
Let's say there's a website called www.websiteX.com, with this URL shown in the browser:
http://www.websiteX.com/index.php?page=2
This basically tells the browser to connect to index.php and to set and send a value "2" for the variable "page". Now if I change this value, and set it to 3 for example (http://www.websiteX.com/index.php?page=3), then my browser shows me another page. Once again, I won't dive into details about PHP or any other technique. Let's just imagine some PHP scripts are handling the infos you send them quite badly, allowing the execution of remote code.
So now what if I put strange values to the variable page, or even...some javascript code ? Like this : http://www.websiteX.com/index.php?page=<script>alert("hello world");</script>
Whoaaah, the result is what I expected : a popup appears, containing the text "hello world". Now we know this index.php script is handling the variable "page" very badly. We could go on and do nastier things, but this is not the point. But if you want to know more, XSSED is a good starting link. You can even be warned when a vulnerability is found on one of your own domain, including all its subdomains, which is an interesting (but not sufficient) feature to start protecting your perimeter.
Recently, xssed.com and xssing.com announced they were now affiliated and working together. XSSing.com is also specialised on XSS techniques. Publishing XSS vulnerabilities about other people you don't necessary know is one thing. But today, someone called ZuLL reported a vulnerability directly found on the xssing.com website.
Now, this is a called transparency! 