Automatic generation of attack vectors for stored-XSS

doi:10.7523/j.issn.2095-6134.2012.6.014

›› 2012, Vol. ›› Issue (6): 815-820.DOI: 10.7523/j.issn.2095-6134.2012.6.014

Previous Articles Next Articles

Automatic generation of attack vectors for stored-XSS

CHEN Jing-Feng¹, WANG Yi-Ding¹, ZHANG Yu-Qing², LIU Qi-Xu²

1. North China University of Technology, Beijing 100144, China;
2. National Computer Network Instrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China

Received:2011-10-13 Revised:2011-12-19 Online:2012-11-15

Abstract

Abstract: The stored-XSS (cross-site scripting) is generally more serious than the other modalities of XSS. We study the characteristics and trigger mechanism of stored-XSS, propose an generation method of attack vectors for stored-XSS, and accomplish a tool which can generate the attack vectors automatically. After we used this tool in testing the blog systems of two popular video-sharing sites in China, we found 6 types of attcak vectors which can trigger stored-XSS. The results of the testing experiments show the effectiveness of our method and also show the potential security risk in the video-sharing sites.

Key words: stored-XSS, attack vector, Web security, vulnerability discovery

CLC Number:

TP393

CHEN Jing-Feng, WANG Yi-Ding, ZHANG Yu-Qing, LIU Qi-Xu. Automatic generation of attack vectors for stored-XSS[J]. , 2012, (6): 815-820.

References

[1] 新浪微博XSS攻击事件分析 [EB/OL](2011-08-30) [2011-09-22]. http://netsecurity.51cto.com/art/201108/287982.htm
[2] Galn E, Alcaide A, Orfila A, et al. A multi-agent scanner to detect stored-XSS vulnerabilities [C]//IEEE Internet Technology and Secured Transactions (ICITST). London, 2010: 1-6.
[3] Kieyzun A, Guo P J, Jayaraman K, et al. Ernst automatic creation of SQL injection and cross-site scripting attacks [C]//IEEE ICSE, Vancouver. Canada, 2009:199-209.
[4] Chen J Q, Zhang Y Q. Design and realization of web cross-site scripting vulnerability detection tool[J]. Computer Engineering, 2010, 36(6):152-157(in Chinese). 陈建青,张玉清. Web跨站脚本漏洞检测工具的设计与实现[J]. 计算机工程,2010,36(6):152-157.
[5] XSS (cross site scripting) cheat sheet [DB/OL]. [2011-09-02]. http://ha.ckers.org/xss.html.
[6] Tang Z S, Zhu H J, Cao Z F, et al. L-WMxD: lexical based Webmail XSS discoverer [C]//IEEE Computer Communications Workshops (INFOCOM WKSHPS). Shanghai, 2011:976-981.
[7] Qiu Y J. Study on techniques of cross-site scripting attack and defense [D]. Beijing: Beijing Jiaotong University, 2010(in Chinese). 邱勇杰. 跨站脚本攻击与防御技术研究 [D]. 北京:北京交通大学,2010.
[8] Gebre MT, Lhee K, Hong M. A robust defense against content-sniffing XSS attacks [C]//IEEE Multimedia Technology and its Applications (IDC). Barcelona, 2010:315-320.
[9] HTML4.0事件属性 [EB/OL]. [2011-09-20]. http://www.w3school.com.cn/html/html_eventattributes.asp.
[10] Stuttard D, Pinto M. The web application Hacker's handbook: discovering and exploiting security flaws[M]. America: Wiley Publishing Inc, 2008:406-410.
[11] Sutton M, Greene A, Amini P. Fuzzing brute force vulnerability discovery[M]. America: Pearson Education Inc, 2007:140-144.

Automatic generation of attack vectors for stored-XSS

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics

Comments

[1]	DONG Ying, ZHANG Yuqing, YUE Hongzhou. Vulnerability exploitation for Joomla content management system [J]. , 2015, 32(6): 825-835.
[2]	LUO Cheng, ZHANG Yu-Qing, WANG Long, LIU Qi-Xu. Automatic network protocol analysis and vulnerability discovery based on symbolic expression [J]. , 2013, 30(2): 278-284.
[3]	WANG Xia-Li, ZHANG Yu-Qing. A behavior-based client defense scheme against XSS [J]. , 2011, 28(5): 668-675.