44 Hacking Exposed Web 2.0
However, by far the greatest evil thing that can be done with HTML injection is
mimicking the victimized user to the web application. This can still be done by reflecting
an insecure cross-domain policy file and using ActionScript's XML class to make HTTP
GET and POST requests and read the responses. In the next section, we describe how evil
an attack can be.
Step 2: Doing Something Evil
XSS is an attack on a user of a web application that allows the attacker full control of the
web application as that user, even if the web application is behind a firewall and
the attacker can't reach it directly. XSS generally does not result in compromising the
user's machine or the web application server directly. If successful, the attacker can do
three things:
• Steal cookies
• Mimic the web application to the victimized user
• Mimic the victimized user to the web application
Stealing Cookies
Cookies generally carry access controls to web applications. If an attacker stole a victim
user's cookies, the attacker could use the victim's cookies to gain complete control of the
victim's account. It is best practice for cookies to expire over a certain amount of time.
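The following is an added example, not code from the book, showing the defensive side of the point above: how a server issues a session cookie that expires after a bounded time and that script in the page cannot read, and how the server-side session record is rejected once it has expired. Everything in it is constructed for illustration (the cookie name sid, the 15-minute lifetime, the in-memory SessionStore); it uses only the Python standard library.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed value: sessions are valid for 15 minutes from issue.
SESSION_TTL_SECONDS = 15 * 60


def build_session_cookie(session_id: str, ttl: int = SESSION_TTL_SECONDS) -> str:
    """Return a Set-Cookie header value for the session cookie.

    HttpOnly keeps the value out of document.cookie, so script injected into
    the page cannot read it; Secure restricts it to HTTPS; Max-Age bounds
    how long a stolen copy would remain useful.
    """
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["max-age"] = ttl
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def session_id_from_header(cookie_header: str):
    """Extract the sid value from an incoming Cookie request header, or None."""
    parsed = SimpleCookie()
    parsed.load(cookie_header)
    morsel = parsed.get("sid")
    return morsel.value if morsel is not None else None


class SessionStore:
    """Hypothetical in-memory session store that enforces expiry server-side.

    The client-side Max-Age alone is not enough: a copied cookie value is not
    bound by the browser's expiry, so the server must refuse old sessions too.
    """

    def __init__(self, ttl: int = SESSION_TTL_SECONDS):
        self.ttl = ttl
        self._sessions = {}  # sid -> (username, expires_at)

    def create(self, username: str, now: float) -> str:
        # 256 bits of randomness so the identifier cannot be guessed.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, now + self.ttl)
        return sid

    def lookup(self, sid: str, now: float):
        """Return the username for a live session, or None if unknown/expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expires_at = entry
        if now >= expires_at:
            # Expired: drop the record so the value is dead even if replayed.
            del self._sessions[sid]
            return None
        return username


if __name__ == "__main__":
    store = SessionStore()
    issued_at = 1_000_000.0  # constructed clock value
    sid = store.create("alice", issued_at)
    print(build_session_cookie(sid))
    print(store.lookup(sid, issued_at + 60))             # alice
    print(store.lookup(sid, issued_at + SESSION_TTL_SECONDS))  # None
```

The store takes the clock as a parameter rather than reading time.time() so the expiry logic can be exercised deterministically; a real deployment would also renew or rotate the identifier on privilege changes such as login.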