Web and security vulnerabilities
cross site scripting
cross site request forgery
SQL injection
How the web works
Browser client -> URL request -> server machine -> files, resources: PHP, servlets, JSP, script…
Cookies
Used to store state on user’s machine
If expires=NULL: this session only
GET ... Cookie: name=value, e.g., sessionToken=abc123
Web page contains both static and dynamic content, e.g., JavaScript
– sent from a web site(s)
– Run on the user’s browser/machine
Web sites run applications (e.g., PHP) to generate the response/page
– according to requests from a user/browser
– often communicate with back-end servers
Cross-Site Scripting (XSS)
If a website allows users to input content without controls, attackers can insert malicious code as well
– social networking site, blogs, forums, wikis
– suppose a website echoes user-supplied data
e.g., his name, back to user on the html page
Suppose the browser sends to the site <script type="text/javascript">alert("Helloworld")</script> as his "name"
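The name echo described above, as an added example that is not part of the original notes: the same page rendered with the name concatenated in as markup and with the name HTML-encoded first. The function names (escapeHtml, renderGreetingUnsafe, renderGreetingSafe, containsScriptElement) and the page template are assumptions made for illustration.

```javascript
// Added example: a page that echoes a user-supplied "name" back into HTML.
// All function names and the page template are hypothetical.

// Characters that change meaning in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the name is concatenated into the page as markup.
function renderGreetingUnsafe(name) {
  return "<html><body><p>Hello, " + name + "</p></body></html>";
}

// Hardened: the name is encoded for the HTML text context before output.
function renderGreetingSafe(name) {
  return "<html><body><p>Hello, " + escapeHtml(name) + "</p></body></html>";
}

// Rough regression check: does the rendered page contain a script element
// that the template itself did not put there?
function containsScriptElement(page) {
  return /<script[\s>]/i.test(page);
}

// Constructed sample input: the "name" from the notes above.
const SAMPLE_NAME = '<script type="text/javascript">alert("Helloworld")</script>';

function demo() {
  const unsafe = renderGreetingUnsafe(SAMPLE_NAME);
  const safe = renderGreetingSafe(SAMPLE_NAME);
  return {
    unsafeHasScript: containsScriptElement(unsafe),
    safeHasScript: containsScriptElement(safe),
    safe,
  };
}

console.log(demo());
```

The encoding shown is correct for HTML text and quoted attribute values only; a name placed inside a script block, a URL or a style attribute needs the encoder for that context.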
A browser runs a script from a “good” site and a malicious script from a “bad” site
Malicious script can make forged requests to “good” site with user’s cookie
Basic Idea
establish session, send forged request, visit server, receive malicious page