ZHANG Ming,SHI Yong,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2013.04.011

2013-01-01

Abstract:Cross-site scripting is to inject script content in the user's browser through several attacks.A novel client-side approach is proposed to prevent XSS attacks at the basis of existing research.Through a static constraint analysis based on JavaScript Abstract syntax tree,a constraint system for sensitive information is constructed,which can be used to dynamic tracking tainted data and successfully stop the execution of malicious script.This technique has good flexibility and scalability in that it improves the security of web browser,meanwhile,doesn't need to modify the server-side codes.

Si-yuan XU,Tao ZHENG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.18.051

2011-01-01

Abstract:Cross-site Scripting(XSS) attack can attack a user's Web browser when the user visits Web applications which evil scripting code is injected into.According to the problem proposed above,this paper makes a research on the server-client cooperation XSS defense method.When uses methods such as policy file,Document Object Model(DOM) integrity test and scripting obfuscation monitor,it can ehance the detection efficiency and accuracy.Experimental results show that,this method can get good attack defense effect.

Yanpeng Cui,Junjie Cui,Jianwei Hu

DOI: https://doi.org/10.1145/3383972.3384027

2020-02-15

Abstract:With the popularity of web technology, web applications become more increasingly vulnerable and are exposed to malicious attacks. Cross Site Scripting(XSS) is a typical attack in web applications. When a vulnerability is exploited, an attacker may perform session-hijacking, cookie-stealing, malicious redirection and malware spreading. It is essential to implement detect and defend against XSS attacks. In this paper, we focus on XSS attacks and give an introduction of its injection, detection and prevention. Firstly, we introduced the attack principle of different types of XSS, and then investigated and introduced some existing XSS detection and defense methods. In addition, we compared existing XSS detection and defense methods. Finally, we discuss existing issues and estimate future research trends.

Libo Cao,Tianjie Cao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.08.064

2015-01-01

Abstract:Cross-site scripting ( XSS) vulnerability is one the top web application vulnerabilities.In the paper, we analyse the inadequacy of existing dynamic analysis methods in detecting XSS vulnerability and propose a high-efficiency detection method.Before using attack vectors to test, we first submit legal vectors for testing in order to exclude the pages definitely without XSS vulnerabilities and to collect the information about input points, output points and the types of output points.In the process of testing with attack vectors, it just needs to submit the correlated attack vectors according to output point type for further testing, and avoids traversing all the attack vectors.In addition, by looking for the specific data in corresponding page of output points only, it is able to effectively avoid traversing all the pages.Experiment proves that the proposed method is very effective in improving the efficiency of XSS vulnerability detection.

Zhang Huilin,Ding Yu,Zhang Lihua,Duan Lei,Zhang Chao,Wei Tao,Li Guancheng,Han Xinhui

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160443

2016-01-01

Abstract:SQL injection attacks are prevalent Web threats .Researchers have proposed many taint analysis solutions to defeat this type of attacks ,but few are efficient and practical to deploy .In this paper ,we propose a practical and accurate SQL injection prevention method by tainting trusted sensitive characters into extended UTF‐8 encodings .Unlike typical positive taint analysis solutions that taint all characters in hard‐coded strings written by the developer ,we only taint the trusted sensitive characters in these hard‐coded strings .Furthermore ,rather than modifying Web application interpreter to track taint information in extra memories ,we encode the taint metadata into the bytes of trusted sensitive characters ,by utilizing the characteristics of UTF‐8 encoding .Lastly ,we identify and escape untrusted sensitive characters in SQL statements to prevent SQL injection attacks ,without parsing the SQL statements .A prototype called PHPGate is implemented as an extension on the PHP Zend engine .The evaluation results show that PHPGate can protect Web applications from real world SQL injection attacks and introduce a low performance overhead (less than 1 .6% ) .

Zhixin Sun,Xubin Wang,Yuhua Xu

DOI: https://doi.org/10.1109/SWC57546.2023.10448993

2023-08-28

Abstract:Presently power network security attacks occur frequently, data security and privacy communication are facing a major threat, and secure data communication is imminent. Aiming at the injection attack type of Cross-site scripting attack(XSS), we analyze it and design a hybrid dynamic testing technology method. SVM is combined to build a discriminator to distinguish malignant scripts. Browser tools are used to simulate attacks and built-in script execution functions are used to continuously monitor the target attribute values and page status, dynamically discover malicious content, and improve source code security. Experiments show that this method is effective for vulnerability detection. It has low overhead in the process of implementing dynamic testing and effectively improves the accuracy of vulnerability analysis combined with static content analysis.

Computer Science

B. B. Gupta,Shashank Gupta,Pooja Chaudhary

DOI: https://doi.org/10.4018/978-1-5225-3422-8.ch009

2018-01-01

Abstract:This article presents a cloud-based framework that thwarts the DOM-based XSS vulnerabilities caused due to the injection of advanced HTML5 attack vectors in the HTML5 web applications. Initially, the framework collects the key modules of web application, extracts the suspicious HTML5 strings from the latent injection points and performs the clustering on such strings based on their level of similarity. Further, it detects the injection of malicious HTML5 code in the script nodes of DOM tree by detecting the variation in the HTML5 code embedded in the HTTP response generated. Any variation observed will simply indicate the injection of suspicious script code. The prototype of our framework was developed in Java and installed in the virtual machines of cloud environment on the Google Chrome extension. The experimental evaluation of our framework was performed on the platform of real world HTML5 web applications deployed in the cloud platform.

Lihua Zhang,Yu Ding,Chao Zhang,Lei Duan,Zhaofeng Chen,Tao Wei,Xinhui Han

2016-01-01

Abstract:SQL injection has a long history as a dangerous threat, grabbing lots of security researchers’ attentions. However, it is still ranked the first of the ten most dangerous web application threats by OWASP since 2008, indicating a big gap between researches and industry practice. Most SQL injection vulnerabilities are introduced by ignorance or negligence, so a good protection solution should be “fool-proof”. To be used in day-to-day deployment, it should also have little performance overhead. In this paper, we propose a white-delimiter-tracking defense solution against SQL injections: unlike typical taint-tracking solutions that track user inputs or all SQL related strings hard-coded in web applications, we only track the SQL delimiters in these hard-coded strings, and only allow these delimiters to be used in the final SQL statements. Furthermore, instead of allocating extra shadow memory for taint tracking, we encode the tracking information directly into the same byte as the delimiters by utilizing the characteristics of UTF-8 encoding. This solution tracks much less data than existing solutions and keeps the accuracy of byte-level taint tracking. A prototype called PHPGate is implemented on the PHP Zend engine. PHPGate can protect UTF-8 encoding web applications from real world SQL injection attacks and only introduces a performance overhead less than 1.5%.

K. Selvamani,A. Duraisamy,A. Kannan

DOI: https://doi.org/10.48550/arXiv.1004.1769

2010-04-11

Abstract:Cross Site Scripting (XSS) Flaws are currently the most popular security problems in modern web applications. These Flaws make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. Cross-Site scripting Flaws occur when accessing information in intermediate trusted sites. Client side solution acts as a web proxy to mitigate Cross Site Scripting Flaws which manually generated rules to mitigate Cross Site Scripting attempts. Client side solution effectively protects against information leakage from the user's environment. Cross Site Scripting Flaws are easy to execute, but difficult to detect and prevent. This paper provides client-side solution to mitigate cross-site scripting Flaws. The existing client-side solutions degrade the performance of client's system resulting in a poor web surfing experience. In this project provides a client side solution that uses a step by step approach to protect cross site scripting, without degrading much the user's web browsing experience.

Cryptography and Security

DING Xiang,QIU Yin,ZHENG Tao

DOI: https://doi.org/10.3969/j.issn.1000.3842.2011.11.052

2011-01-01

Abstract:The wide-spread use of PHP in Web application development makes PHP Web application become the target of many malicious attackers.On the basis of this,through the modification of PHP interpreter and runtime libraries,the PHP Web applications can prevent SQL injection attack without the modification of the original applications.Different from traditional preventing method based on dynamic tainting,this paper uses the tainting mechanism based on trusted input tainting and SQL dialect-aware check method,solves many existing problems of traditional preventing methods.As a result,this method improves the preciseness of traditional preventing method,without any false positives.Experimental result shows that the method is precise and highly efficient,has little overhead for the PHP Web applications.

刘鑫,孙名松,唐亮

DOI: https://doi.org/10.3969/j.issn.1007-2683.2010.02.011

2010-01-01

Abstract:Aimed at the problem of Web subject to cross-site script attack more and more serious,in this paper a client-side system based on proxy has been designed,and implemented in the laboratory of Network Information Center.Through the analysis of the results,the system can automatic ally detect reflex XSS attack and storage XSS attack and send to database to be collected.

Abdelhakim Hannousse,Salima Yahiouche,Mohamed Cherif Nait-Hamoud

DOI: https://doi.org/10.1016/j.cosrev.2024.100634

2022-05-19

Abstract:Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications. Since its reveal in late 1999 by Microsoft security engineers, several techniques have been developed in the aim to secure web navigation and protect web applications against XSS attacks. The problem became worse with the emergence of advanced web technologies such as Web services and APIs and new programming styles such as AJAX, CSS3 and HTML5. While new technologies enable complex interactions and data exchanges between clients and servers in the network, new programming styles introduce new and complicate injection flaws to web applications. XSS has been and still in the TOP 10 list of web vulnerabilities reported by the Open Web Applications Security Project (OWASP). Consequently, handling XSS attacks became one of the major concerns of several web security communities. In this paper, we contribute by conducting a systematic mapping and a comprehensive survey. We summarize and categorize existent endeavors that aim to protect against XSS attacks and develop XSS-free web applications. The present review covers 147 high quality published studies since 1999 including early publications of 2022. A comprehensive taxonomy is drawn out describing the different techniques used to prevent, detect, protect and defend against XSS attacks. Although the diversity of XSS attack types and the scripting languages that can be used to state them, the systematic mapping revealed a remarkable bias toward basic and JavaScript XSS attacks and a dearth of vulnerability repair mechanisms. The survey highlighted the limitations, discussed the potentials of existing XSS attack defense mechanisms and identified potential gaps.

Cryptography and Security

Shashank Gupta,B. B. Gupta

DOI: https://doi.org/10.1007/978-981-10-8536-9_43

2018-01-01

Abstract:AbstractCross-Site Scripting (XSS) attack vectors are well-thought-out selected as a serious infection for contemporary HTML5 websites. In this paper, a novel server-side JavaScript feature injection-based design is proposed that relies on the concept of inserting the features of JavaScript in order to discover the variation between the stored and observed features in the HTTP response. In addition to this, injection of context-sensitive sanitization functions has also adopted by our design to detect the XSS attack vectors in HTML websites. The prototype of our design will be developed in Java as a server-side framework, and the experimental results of our proposed design on JSP websites will also be evaluated as further extension.

Enrico Bazzoli,Claudio Criscione,Federico Maggi,Stefano Zanero

DOI: https://doi.org/10.48550/arXiv.1410.4207

2014-10-16

Abstract:Since the first publication of the "OWASP Top 10" (2004), cross-site scripting (XSS) vulnerabilities have always been among the top 5 web application security bugs. Black-box vulnerability scanners are widely used in the industry to reproduce (XSS) attacks automatically. In spite of the technical sophistication and advancement, previous work showed that black-box scanners miss a non-negligible portion of vulnerabilities, and report non-existing, non-exploitable or uninteresting vulnerabilities. Unfortunately, these results hold true even for XSS vulnerabilities, which are relatively simple to trigger if compared, for instance, to logic flaws. Black-box scanners have not been studied in depth on this vertical: knowing precisely how scanners try to detect XSS can provide useful insights to understand their limitations, to design better detection methods. In this paper, we present and discuss the results of a detailed and systematic study on 6 black-box web scanners (both proprietary and open source) that we conducted in coordination with the respective vendors. To this end, we developed an automated tool to (1) extract the payloads used by each scanner, (2) distill the "templates" that have originated each payload, (3) evaluate them according to quality indicators, and (4) perform a cross-scanner analysis. Unlike previous work, our testbed application, which contains a large set of XSS vulnerabilities, including DOM XSS, was gradually retrofitted to accomodate for the payloads that triggered no vulnerabilities. Our analysis reveals a highly fragmented scenario. Scanners exhibit a wide variety of distinct payloads, a non-uniform approach to fuzzing and mutating the payloads, and a very diverse detection effectiveness.

Cryptography and Security

Mahmoud Mohammadi,Bill Chu,Heather Richter Lipford,Emerson Murphy-Hill

DOI: https://doi.org/10.1145/2896921.2896929

2018-04-03

Abstract:Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We present an automatic testing approach to detect a common type of Cross Site Scripting (XSS) vulnerability caused by improper encoding of untrusted data. We automatically extract encoding functions used in a web application to sanitize untrusted inputs and then evaluate their effectiveness by automatically generating XSS attack strings. Our evaluations show that this technique can detect 0-day XSS vulnerabilities that cannot be found by static analysis tools. We will also show that our approach can efficiently cover a common type of XSS vulnerability. This approach can be generalized to test for input validation against other types injections such as command line injection.

Cryptography and Security

Faezeh Kalantari,Mehrnoosh Zaeifi,Tiffany Bao,Ruoyu Wang,Yan Shoshitaishvili,Adam Doupé

DOI: https://doi.org/10.48550/arXiv.2204.08592

2022-04-29

Abstract:Cross-site scripting (XSS) is the most common vulnerability class in web applications over the last decade. Much research attention has focused on building exploit mitigation defenses for this problem, but no technique provides adequate protection in the face of advanced attacks. One technique that bypasses XSS mitigations is the scriptless attack: a content injection technique that uses (among other options) CSS and HTML injection to infiltrate data. In studying this technique and others, we realized that the common property among the exploitation of all content injection vulnerabilities, including not just XSS and scriptless attacks, but also command injections and several others, is an unintended context switch in the victim program's parsing engine that is caused by untrusted user input. In this paper, we propose Context-Auditor, a novel technique that leverages this insight to identify content injection vulnerabilities ranging from XSS to scriptless attacks and command injections. We implemented Context-Auditor as a general solution to content injection exploit detection problem in the form of a flexible, stand-alone detection module. We deployed instances of Context-Auditor as (1) a browser plugin, (2) a web proxy (3) a web server plugin, and (4) as a wrapper around potentially-injectable system endpoints. Because Context-Auditor targets the root cause of content injection exploitation (and, more specifically for the purpose of our prototype, XSS exploitation, scriptless exploitation, and command injection), our evaluation results demonstrate that Context-Auditor can identify and block content injection exploits that modern defenses cannot while maintaining low throughput overhead and avoiding false positives.

Cryptography and Security

Xiarun Chen,Qien Li,Zhou Yang,Yongzhi Liu,Shaosen Shi,Chenglin Xie,Weiping Wen

DOI: https://doi.org/10.1109/trustcom53373.2021.00112

2021-01-01

Abstract:The automatic detection of vulnerabilities in Web applications using taint analysis is a hot topic. However, existing taint analysis methods for sanitizers identification are too simple to find available taint transmission chains effectively. These methods generally use pre-constructed dictionaries or simple keywords to identify, which usually suffer from large false positives and false negatives. No doubt, it will have a greater impact on the final result of the taint analysis. To solve that, we summarise and classify the commonly used sanitizers in Web applications and propose an identification method based on semantic analysis. Our method can accurately and completely identify the sanitizers in the target Web applications through static analysis. Specifically, we analyse the natural semantics and program semantics of existing sanitizers, use semantic analysis to find more in Web applications. Besides, we implemented the method prototype in PHP and achieved a vulnerability detection tool called VulChecker. Then, we experimented with some popular open-source CMS frameworks. The results show that Vulchecker can accurately identify more sanitizers. In terms of vulnerability detection, VulChecker also has a lower false positive rate and a higher detection rate than existing methods. Finally, we used VulChecker to analyse the latest PHP applications. We identified several new suspicious taint data propagation chains. Before the paper was completed, we have identified four unreported vulnerabilities. In general, these results show that our approach is highly effective in improving vulnerability detection based on taint analysis.

Yinzhi Cao,Vinod Yegneswaran,Phillip A. Porras,Yan Chen

2012-01-01

Abstract:Worms exploiting JavaScript XSS vulnerabilities rampantly infect millions of web pages, while drawing the ire of helpless users. To date, users across all the popular social networks, including Facebook, MySpace, Orkut and Twitter, have been vulnerable to XSS worms. We propose PathCutter as a new approach to severing the self-propagation path of JavaScript worms. PathCutter works by blocking two critical steps in the propagation path of an XSS worm: (i) DOM access to different views at the client side and (ii) unauthorized HTTP request to the server. As a result, although an XSS vulnerability is successfully exercised at the client, the XSS worm is prevented from successfully propagating to the would-be victim’s own social network page. PathCutter is effective against all the current forms of XSS worms, including those that exploit traditional XSS, DOM-based XSS, and content sniffing XSS vulnerabilities. We present and evaluate both a server-side and proxyside deployment of PathCutter. We implement PathCutter on WordPress and Elgg and demonstrate its resilience against two proof-of-concept attacks. We also evaluate the PathCutter implementation on five real-world worms: Boonana, MySpace Samy, Renren, SpaceFlash, and the Yamanner worm. We show that although the worms themselves exploit different vulnerabilities, at either the client side or server side, they are successfully thwarted by PathCutter as it is vulnerability agnostic and blocks the propagation path of the infection. Our performance evaluation shows that rendering overhead of PathCutter is less than 4%, and memory overhead for one additional view is less than 1%.

Indushree M,Manjit Kaur,Manish Raj,Shashidhara R,Heung-No Lee

DOI: https://doi.org/10.3390/s22051959

2022-03-02

Abstract:Cross channel scripting (XCS) is a common web application vulnerability, which is a variant of a cross-site scripting (XSS) attack. An XCS attack vector can be injected through network protocol and smart devices that have web interfaces such as routers, photo frames, and cameras. In this attack scenario, the network devices allow the web administrator to carry out various functions related to accessing the web content from the server. After the injection of malicious code into web interfaces, XCS attack vectors can be exploited in the client browser. In addition, scripted content can be injected into the networked devices through various protocols, such as network file system, file transfer protocol (FTP), and simple mail transfer protocol. In this paper, various computational techniques deployed at the client and server sides for XCS detection and mitigation are analyzed. Various web application scanners have been discussed along with specific features. Various computational tools and approaches with their respective characteristics are also discussed. Finally, shortcomings and future directions related to the existing computational techniques for XCS are presented.

Zhushou Tang,Haojin Zhu,Zhenfu Cao,Shuai Zhao

DOI: https://doi.org/10.1109/infcomw.2011.5928954

2011-01-01

Abstract:XSS (Cross-Site Scripting) is a major security threat for web applications. Due to lack of source code of web application, fuzz technique has become a popular approach to discover XSS in web application except Webmail. This paper proposes a Webmail XSS fuzzer called L-WMxD (Lexical based Webmail XSS Discoverer). L-WMxD , which works on a lexical based mutation engine, is an active defense system to discover XSS before the Webmail application is online for service. The engine is initialized by normal JavaScript code called seed. Then, rules are applied to the sensitive strings in the seed which are picked out through a lexical parser. After that, the mutation engine issues multiple test cases. Newly-generated test cases are used for XSS test. Two prototype tools are realized by us to send the newly-generated test cases to various Webmail servers to discover XSS vulnerability. Experimental results of L-WMxD are quite encouraging. We have run L-WMxD over 26 real-world Webmail applications and found vulnerabilities in 21 Webmail services, including some of the most widely used Yahoo!Mail, Mirapoint Webmail and ORACLE' Collaboration Suite Mail.