Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
XSS fame
Posted by: lpilorz
Date: January 05, 2007 02:17PM

It seems that XSS is so famous that those old buffer overflows are forgotten. For a few days the only thing I can see in information services is PDF and QuickTime XSS. At the same time, QuickTime has a 0-day buffer overflow exploit, and I hear nothing about it ( http://projects.info-pull.com/moab/MOAB-01-01-2007.html ). Of course I'm not saying that XSS shouldn't be discussed so widely - it definitely should!

I have installed QuickTime to test pdp's ideas, and suddenly found out I have just made my browser vulnerable to a much greater extent than I expected (fortunately I try to keep work and test machines separate). I wonder if black hats will some day release an XSS worm just to drive the world's attention away from the real attack ;)

Re: XSS fame
Posted by: Ambush Commander
Date: January 06, 2007 01:13PM

From what I understand, buffer overflows work at a much lower level, and thus are harder to understand. Correct me if I'm wrong, but you need to noodle around with the registers, which is not something you would normally do while programming. XSS, on the other hand, can be crafted using the exact same techniques you'd use to make a legitimate AJAX application, with a little extra domain knowledge in terms of obfuscation and browser quirks.

HTML Purifier - Standards Compliant HTML filtering

Re: XSS fame
Posted by: kuza55
Date: January 06, 2007 11:22PM

Ambush Commander Wrote:
-------------------------------------------------------
> From what I understand, buffer overflows work at a
> much lower level, and thus are harder to
> understand. Correct me if I'm worng, but you need
> to noodle around with the registers, which is not
> something you would normally do while programming.

Sure, buffer overflows work at a much lower level, and it's necessary to know how the system handles memory to exploit it, be it how the stack is organised or how the OS's implementation of malloc() works, but if you're a kernel developer this is probably your bread and butter, so to speak, whereas you wouldn't have a clue as to how to write an AJAX app (not that you couldn't learn, but you know what I mean).
But they aren't particularly hard to understand, e.g. in stack-based buffer overflows, all you need to do is overwrite the return pointer or similar, so that the OS returns execution back to the code you've injected into memory, rather than where it normally would. Sure, there are a bunch of security restrictions and things to circumvent, but it's the same with XSS filter evasion, etc.

Also, there's really no need to play around with registers, AFAIK you shouldn't be able to touch the registers without already being able to arbitrarily execute code, but I could be wrong since this isn't exactly my area of expertise....

Re: XSS fame
Posted by: digi7al64
Date: January 07, 2007 02:18AM

@Ambush Commander

If you only ever read one article on BoFs, make sure it is this one.

http://insecure.org/stf/smashstack.html

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

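The mechanism kuza55 describes above (a copy that runs off the end of a local buffer and lands on the saved return address) is the one the Aleph One paper digi7al64 links walks through. The following is an added example, not code from this thread or from that paper: a C model of a 32-bit x86 stack frame, with the vulnerable copy, a bounds-checked copy, and a stack-canary variant standing in for the "security restrictions" kuza55 mentions. The frame is a plain byte array rather than a real call stack, so the simulation is memory-safe and deterministic; every address (ORIG_RET, ORIG_FP, EVIL_RET, the canary value) is a hypothetical constant chosen for illustration. No registers are touched anywhere: the whole attack is an ordinary out-of-bounds memory write.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a 32-bit x86 frame: the local buffer sits at the lowest address,
 * so a copy that overruns it climbs into the saved frame pointer (ebp) and
 * then into the saved return address that 'ret' will pop. */
#define BUF_SIZE   16
#define FP_OFF     BUF_SIZE
#define RET_OFF    (FP_OFF + 4)
#define FRAME_SIZE (RET_OFF + 4)

#define ORIG_FP   0xbffff800u  /* hypothetical saved ebp */
#define ORIG_RET  0x08048400u  /* hypothetical legitimate return address */
#define EVIL_RET  0xbffff6e0u  /* hypothetical address of injected code */
#define CANARY    0x3bd7a91cu  /* hypothetical stack-protector canary */

static uint32_t rd32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void     wr32(unsigned char *p, uint32_t v) { memcpy(p, &v, 4); }

/* Unbounded copy, like strcpy() into char buf[16]. Returns the value a
 * 'ret' instruction would pop afterwards. */
uint32_t vulnerable_ret(const unsigned char *in, size_t len) {
    unsigned char frame[FRAME_SIZE];
    wr32(frame + FP_OFF, ORIG_FP);
    wr32(frame + RET_OFF, ORIG_RET);
    if (len > FRAME_SIZE) len = FRAME_SIZE;  /* real strcpy keeps going; the model stops at the frame edge */
    memcpy(frame, in, len);                  /* the bug: nothing limits the copy to BUF_SIZE */
    return rd32(frame + RET_OFF);
}

/* Same frame, but the copy is bounded by the buffer size, so the saved
 * return address can never be reached. */
uint32_t hardened_ret(const unsigned char *in, size_t len) {
    unsigned char frame[FRAME_SIZE];
    wr32(frame + FP_OFF, ORIG_FP);
    wr32(frame + RET_OFF, ORIG_RET);
    memcpy(frame, in, len < BUF_SIZE ? len : BUF_SIZE);
    return rd32(frame + RET_OFF);
}

/* Still-vulnerable copy, but with a canary word between the buffer and the
 * saved registers. Returns 0 when the canary was clobbered (a real runtime
 * would abort instead of returning), otherwise the return address. */
uint32_t canary_ret(const unsigned char *in, size_t len) {
    unsigned char frame[FRAME_SIZE + 4];     /* buf | canary | saved ebp | ret */
    wr32(frame + BUF_SIZE,    CANARY);
    wr32(frame + FP_OFF + 4,  ORIG_FP);
    wr32(frame + RET_OFF + 4, ORIG_RET);
    if (len > sizeof frame) len = sizeof frame;
    memcpy(frame, in, len);
    if (rd32(frame + BUF_SIZE) != CANARY) return 0;  /* overwrite detected before 'ret' */
    return rd32(frame + RET_OFF + 4);
}

/* Classic payload shape: filler up to the return slot, then the new return
 * address in the machine's byte order (little-endian on x86). */
size_t build_payload(unsigned char *out, size_t cap, uint32_t target) {
    if (cap < FRAME_SIZE) return 0;
    memset(out, 'A', RET_OFF);               /* covers buf and the saved frame pointer */
    wr32(out + RET_OFF, target);             /* lands exactly on the saved return address */
    return FRAME_SIZE;
}

/* Feed the payload to one of the victims and report where it would return. */
uint32_t demo(uint32_t (*victim)(const unsigned char *, size_t)) {
    unsigned char payload[FRAME_SIZE];
    size_t n = build_payload(payload, sizeof payload, EVIL_RET);
    return victim(payload, n);
}

int main(void) {
    printf("vulnerable returns to 0x%08x\n", (unsigned)demo(vulnerable_ret));
    printf("hardened   returns to 0x%08x\n", (unsigned)demo(hardened_ret));
    printf("canary     returns to 0x%08x (0 = smash detected)\n", (unsigned)demo(canary_ret));
    return 0;
}
```

Benign input shorter than the buffer leaves the return address alone in all three variants; the crafted payload redirects only the unbounded, uncanaried copy. On a real stack the payload would also have to carry the injected code and guess its address, which is where the paper's NOP sled comes in.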