Log 0.3 – Spook Scare
I opened my eyes and sat up. I found myself in a square room with no windows and bare white walls. My head was hurting like hell! A thinly built man stood in front of me. He was wearing a black coat. I flapped by eyelids a couple of times as my eyes attempted to focus in the bright-lit room. “Am I dead?†“No†the man responded. His voice was deep and echoed off the walls. “It’s been to long Michaelâ€. “How do you know my name?†“Lets get out of here and get a bite to eat. I’ll explain everything over dinner.â€
What the hell was going on! Who was this guy! Where the heck was I. I felt a horrible sinking feeling in my stomach. This looked like some kind of prison cell. Desperately, I began listing all my activities over the past few weeks. What had I done? A ray of light suddenly yielded a possible answer. It was that damn Cross Site Scripting paper.
I had released a whitepaper on persistent XSS exploitation, titled, “Awakening the sleeping giantâ€. It discussed various exploitation techniques to bypass application filtering. It also detailed an array of attack scenarios in which to utilise these exploits. This included attacks such as JavaScript port scanning and HTTP(s) brute forcing. It was now possible for script kiddies to gain access to hundreds of thousands of computer systems, using JavaScript and URL based exploits or browser based vulnerabilities. I also made the point that we may see an increase in JavaScript exploit code where shellcode is embedded within JavaScript rather then in a traditional Perl or C exploit. This would allow hackers to use Cross Site Scripting as a catalyst or vehicle to gain access to networks behind firewalls and other security mechanisms.
References:
- http://michaeldaw.org/projects/awakening-the-sleeping-giant-v10/
- http://en.wikipedia.org/wiki/Cross_site_scripting
- http://www.gnucitizen.org/projects/attackapi
- http://p.ulh.as/xploitsdb/NT/6078.html
If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Computer Maintenance London Data Disaster Recovery Plan Computer Network Services UK IT Support London…
Like with most machines and gadgets, your computer requires regular maintenance. Maintenance ensures that your computer gives you years of trouble-free service….