Why Are JavaScript Attacks So Dangerous?

Discussion in 'other security issues & news' started by lotuseclat79, Oct 28, 2013.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,102
  2. guest

    guest Guest

    I wonder if ScriptSafe really does something. I know that NoScript is powerful, but Chrome users only have ScriptSafe and ScriptBlock, in which ScriptSafe works better for me.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Chrome has an Anti-XSS Filter built-in as well.
     
  4. guest

    guest Guest

    Well yes, but, what about ScriptSafe itself? How much the contribution it gives to protect its users from javascript exploits?

    Eh, I answer my own question. The various HOSTS files must have a purpose and from what I can tell, ScriptSafe does its job just fine, javascript filtering. If we allowed javascript in a hijacked webpage, then there's still Chrome's sandbox.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    The video was about the less common but more dangerous persistent xss. Here's an excellent video fully demonstrating it where the fictional victim's cookie is stolen to access his bank account:

    -http://www.youtube.com/watch?v=foTEOsJuR4c

    ..notice how the script executes "silently" (around the 9:25 mark) when the victim simply navigates to his message inbox.
     
  6. guest

    guest Guest

    @wat0114

    Is there a way to mitigate it? I assume that if we whitelisted the bank's website, the malicious script would be allowed to execute as well.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Scripting control in the browser is probably the best way, especially Firefox' NoScript. Also I think most browsers have some sort of XSS control built in, with varying degrees of effectiveness. Fortunately non-persistent xss is the most common, which normally involves social engineering to pull off, convincing the target victim to click on a malicious link in an email or webpage, so of course never access sites through email or similar links, instead access them directly.

    As for the persistent type (less common, more dangerous), one has to hope the website administrator has taken all the proper steps to escape user editable field values on the server.

    BTW, the banking attack example was a pretty extreme case, because no bank worth their salt will use http and message boards, but it does illustrate how easily xss can be pulled off if, as the individual in the first video states, even one oversight is made in properly escaping javascript coding on the website.
     
Loading...
Thread Status:
Not open for further replies.