ATTACK DESCRIPTION
Let's compare XSS, XSRF and XSIO against a few parameters, including 'trust'.
Similarities:
Server side vulnerability is exploited
Trust is exploited
May affect users
Differences:
XSS: The user trusts the website, and this trust is exploited
XSRF: The server trusts the logged-in user, and this trust is exploited
XSIO: Both of the above types of trust are exploited
How does this attack work?
The attacker exploits the style attribute in such a way that some part of the original page content
is replaced with an alternative image. An image that will be used by an attacker is already stored
at some remote location on the Internet. The attacker modifies some part of the stylesheet of the page
by providing 'style' attributes of the supplied image. This results in a new image exclusively
overlapping some part of the website.
<img src="http://site.com/images/image.gif"
style="position: absolute; left:10px; top:255px;" />
Additionally, this image loaded at desired location on the page, can also have a hyperlink associated
with it and the hyperlink may point to some other location which is in the attacker's interest.
Examples
Example 1: The comment box of a popular news site allows users to include images and style them with
CSS. Though the comments are moderated before being displayed online, this is what is possible using the
"preview" option before submitting a comment. Images 1 and 2 show the page before and
after XSIO. Notice the logo in the top left corner being replaced (actually overlapped) by
an example image.
Image 1

Image 2

Example 2: This example is taken from http://www.disenchant.ch/
In this example, the website logo was replaced by inserting the adjoining code into the "About Me"
section of the MySpace profile editor page.
1: Myspace Original

2: Myspace After XSIO

Code:
<a href="http://disenchant.ch">
<img src="http://disenchant.ch/powered.jpg"
style="position:absolute; right:320px; top:90px;" />
</a>
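A server-side mitigation for the markup shown in both examples, as an added example that is not part of the original page: user-supplied HTML is rebuilt from an allowlist that omits the style attribute, and every stripped style value is recorded for moderation. The allowlist contents, the names OverlaySanitizer and sanitize, and the attacker.example host are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for user-supplied comment/profile HTML: a small allowlist of
# tags and attributes. "style" is deliberately absent, which removes the
# positioning primitive that image overlaying depends on.
ALLOWED = {"a": {"href"}, "img": {"src", "alt"}, "p": set(), "b": set(), "i": set()}
VOID = {"img"}
POSITIONED = re.compile(r"position\s*:\s*(absolute|fixed)", re.I)

class OverlaySanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # sanitized output fragments
        self.findings = []  # (tag, style value, looks_positioned) for review

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "style":
                style = value or ""
                self.findings.append((tag, style, bool(POSITIONED.search(style))))
        if tag not in ALLOWED:
            return  # drop unknown tags; their text content is still escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue
            if name in ("href", "src") and not value.lower().startswith(("http://", "https://")):
                continue  # only absolute http(s) URLs survive
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(fragment):
    """Return (clean_html, findings) for one user-submitted fragment."""
    parser = OverlaySanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.findings

# Constructed sample in the shape of the page's examples (host is a placeholder).
SAMPLE = ('<p>Nice article</p><a href="http://attacker.example/">'
          '<img src="http://attacker.example/powered.jpg" '
          'style="position:absolute; right:320px; top:90px;" /></a>')
```

The style attribute is removed unconditionally; the looks_positioned flag is only a triage hint, since pattern matching on CSS text alone is easy to get wrong.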