If the
attacker obtains only the session cookie but does not have this additional authentication
information, he will not be allowed to perform his desired action.

When an attacker loads a XSS proxy in a victim's web browser, he gains full control
over the victim's browser. Full control is maintained by the JavaScript proxy in two ways:
First, the proxy sends all of the victim's requests to the attacker so that the victim can be
easily monitored. Second, the proxy continuously listens for any commands from the
attacker, which will be executed in the victim's browser. Because an attacker can watch a
user's actions before sending any commands, even in the case of a XSS vulnerability that
occurs before authentication has taken place, the attacker can simply wait for the victim
to log in before performing any malicious actions. Furthermore, any additional security
precautions the site may have, such as tying the victim's session to an IP address or
requiring a client certificate, are now useless. By forcing the victim's browser to send the
requests, it appears to the site as though the victim user actually made the request. Once
a XSS proxy is loaded, an attacker can perform any of these attacks as long as the window
that launched the script remains open.