Author: eggplant treasure
XSS vulnerabilities are usually caused by the way a web application handles input and output. Recently, however, 80SEC discovered a series of vulnerabilities in third-party browsers built on the IE kernel. While evaluating these XSS vulnerabilities we found out just how powerful an XSS vulnerability becomes when it originates in the browser software itself!
Using one such vulnerability, I tested a fully functional browser trojan that can control all browser behaviour, including reading arbitrary local files and running arbitrary local executables. In fact the trojan's privileges are equivalent to those of an HTML document opened from the local disk: AJAX requests are no longer subject to domain restrictions and can be sent to any domain, window.open pop-ups are no longer blocked by the browser, and so on.
The characteristics of such attacks are described below:
1. Nature of the attack:
The payload is in fact a short piece of JavaScript. The vulnerability is only used to inject this JavaScript into every user's browser; once there it is no longer subject to the system's restrictions, and any vulnerable browser that visits such a page is attacked.
2. Channels of dissemination:
In terms of propagation it is no different from a traditional web-page trojan. But because such attacks place no domain restrictions on HTTP requests, AJAX included, and the browser attaches the cookies it has saved locally to those requests, the user's identity in every web application can be hijacked. An infected host can therefore be made to interact with the application of any website in order to spread worms.
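The mechanism of the last paragraph, reduced to a runnable model. This is an example added here, not code from the 80SEC post and not the browser's own code; the names Zone, Browser, harvestSessions and the two constructed sites mail.example and bank.example are assumptions for the illustration. The one real point it encodes is that the same-origin check is the only thing keeping an ordinary XSS payload away from other sites, and that the browser attaches stored cookies by itself, so a payload running in a document the browser treats as local never has to read a single cookie to act as the user everywhere.

```javascript
// Added example: a minimal model of zone-dependent domain restrictions and
// ambient cookies. Zone, Browser, harvestSessions and the sample sites are
// assumptions made for this illustration, not the browser's real logic.
'use strict';

const Zone = { INTERNET: 'internet', LOCAL: 'local' };

// Constructed sample back-ends: each returns private data only when the
// browser presents that site's own session cookie.
const SITES = {
  'http://mail.example': { cookieName: 'MAILSESS', secret: 'inbox: 3 unread' },
  'http://bank.example': { cookieName: 'BANKSESS', secret: 'balance: 1,234.56' },
};

function serve(origin, cookies) {
  const site = SITES[origin];
  if (!site) return { status: 404, body: '' };
  if (cookies[site.cookieName] !== 'valid') return { status: 401, body: 'login required' };
  return { status: 200, body: site.secret };
}

class Browser {
  constructor() { this.cookieJar = {}; }  // origin -> { cookieName: value }

  // The user logged in earlier; the browser keeps the session cookie.
  login(origin) { this.cookieJar[origin] = { [SITES[origin].cookieName]: 'valid' }; }

  // The gate that matters: a document in the Internet zone may only talk to
  // its own origin, while a document the browser treats as local is exempt
  // from that check. Cookies are ambient either way: the browser adds them.
  request(doc, origin) {
    if (doc.zone === Zone.INTERNET && doc.origin !== origin) {
      return { status: 0, body: 'blocked by same-origin policy' };
    }
    return serve(origin, this.cookieJar[origin] || {});
  }
}

// What the injected script does: it never touches a cookie value, it simply
// asks the browser to fetch every site and keeps whatever comes back.
function harvestSessions(browser, doc) {
  const loot = {};
  for (const origin of Object.keys(SITES)) {
    const r = browser.request(doc, origin);
    if (r.status === 200) loot[origin] = r.body;
  }
  return loot;
}

function demo() {
  const browser = new Browser();
  browser.login('http://mail.example');
  browser.login('http://bank.example');

  // Ordinary XSS: the payload lives in an Internet-zone page of some third site.
  const remoteDoc = { origin: 'http://blog.example', zone: Zone.INTERNET };
  // Browser-software XSS: the payload lives in a page the browser loads as local.
  const localDoc = { origin: 'file:///C:/browser/start.html', zone: Zone.LOCAL };

  return {
    fromRemote: harvestSessions(browser, remoteDoc),  // {} : every request blocked
    fromLocal: harvestSessions(browser, localDoc),    // both sites' private data
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with node: the Internet-zone run harvests nothing, the local-zone run returns the authenticated content of both sites with the same payload. The worm step mentioned above is the same request path used to POST against a site's own forms as the logged-in user; it is left out of the model.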
3. Hazards of the attack:
We can control a large number of browser bots just like a traditional botnet, and direct those browsers to perform arbitrary access behaviour and actions.
At the same time, such an attack can also be aimed at a single user: hijacking his identity in all of his web applications and reading arbitrary sensitive files on his local machine.
4. Attack prospects:
As overflow vulnerabilities in components such as ActiveX controls become less common, hijacking browsers through XSS vulnerabilities of this kind will become a major trend.