Cross-station script attack (II)

Cross-station script attack (II)

Second, use e-mail for cross-station script attack

Cross-site script attacks are particularly easy to use on list servers, Usenet servers and mail servers. The following is a mynicesite.com website for example to say
Ming. Because you often browse this website, its content also really let you love not fondle admiringly, so unknowingly you change the browser to always trust this dynamic network
The setting of the station content.

Mynicesite.com websites always earn revenue by selling email addresses that subscribe to their email messages, which is a really bad idea. So I bought it.
A copy of the email address. A lot of emails were sent to you. In the letter I told you to visit this website as soon as possible and to check the latest information on your account usage. To make you feel
To my convenience, I have also made a link in this letter. I licked the script code in the username parameter in the link URL. Some customers click on this chain unconsciously
Then, in other words, on my own (pictured), I also benefited from it:


It works like this, and when you click on the link, the script code in the link will guide your browser to download my JavaScript program and execute
It. My script checks to see that you are using IE browser, and then start downloading the Acticex control ParticularlyNasty.dll. Because before you've put this site
The content is always secure, so that my script code and active controls can run freely on your machine.

Iii. description of the ActiveX attack

When discussing ActiveX, neither Cert nor Microsoft mentioned the dangers posed by the Cross-site script approach. Security of ActiveX in << Security FAQ >>
The question is explained in more detail. Java applets are severely restricted in their control of the system. When Sun developed it, it stipulated that only those who did not pose a threat to the security of the system
Only to be allowed to run.

On the other hand, ActiveX operations on the system are not strictly limited. If one is downloaded, you can do what they want to do like an executable program installed.
Cia For this feature, IE browser also made some restrictions, such as for those insecure sites, in its default settings will not allow you to download or will give you a warning
The hint. Companies that are developing based on ActiveX, such as the VeriSign Company, have numbered ActiveX controls. When you download the control, ie browse
The device will give you a warning and show how reliable it is. The user decides whether to trust the control. As a result, the security of the system increases.

However, for those users who have little experience, they often unconsciously modify the original settings so that they do not have any hint
was downloaded. In addition, for a novice, even in the case of a hint, you will not be able to download those controls without any markup. In the example that we have cited,
Because of your trust in the site, the browser's settings are changed so that the ActiveX control is downloaded without any hint, and unknowingly on your machine
Start running.

Four, 16-encoded ActiveX Script attacks

It is very difficult to distinguish between the labels and the script with bad intentions. The script can also hide itself in the form of 16. Let's take a look at the following
E-mail Example okay? It is sent out in the form of a 16:


This is almost a complete message containing a 16-forged URL parameter: sender=mynicesite.com. When the user clicks on the link, the user's browsing
Will immediately start the first instance of the process and pop-up the warning window.