Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in web applications. This
vulnerability makes it possible for attackers to inject
malicious code (e.g., JavaScript) into a victim's web browser.
Using this malicious code, the attackers can steal the victim's
credentials, such as cookies. The access control policies (i.e.,
the same-origin policy) employed by the browser to protect those
credentials can be bypassed by exploiting the XSS vulnerability.
Vulnerabilities of this kind have been exploited to craft
powerful phishing attacks and browser exploits.
To demonstrate what attackers can do by exploiting XSS
vulnerabilities, we have set up a web application named Elgg in
our pre-built Ubuntu VM image. Elgg is a very popular
open-source social networking web application, and it has
implemented a number of countermeasures to remedy the XSS
threat. To demonstrate how XSS attacks work, we have commented
out these countermeasures in our Elgg installation,
intentionally making it vulnerable to XSS attacks. Without the
countermeasures, users can post arbitrary messages, including
JavaScript programs, to the user profiles. In this lab, students
need to exploit this vulnerability to launch an XSS attack on
the modified Elgg, in a way that is similar to what Samy Kamkar
did to MySpace in 2005 through the notorious Samy worm. The
ultimate goal of this attack is to spread an XSS worm among the
users, such that whoever views an infected user profile will be
infected, and whoever is infected will add you (i.e., the
attacker) to their friend list.
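The root cause the lab relies on is that a stored profile field is written into the page without output encoding. The following added example (not Elgg's own code; the profile text is a constructed sample, and the render functions are stand-ins for Elgg's view layer) contrasts that unescaped rendering with the escaped form that the commented-out countermeasures provide, and includes a check you can use when reviewing your fix:

```python
import html
import re

# Constructed sample of a posted "About me" message; the un-hardened Elgg
# accepts content like this and stores it verbatim.
PROFILE_ABOUT_ME = 'Hi! <script>alert("xss")</script>'


def render_profile_unescaped(about_me: str) -> str:
    """Stand-in for the lab's deliberately vulnerable view: the stored field
    is interpolated as-is, so any markup in it becomes live HTML that runs
    in every viewer's browser under the Elgg origin."""
    return f'<div class="about-me">{about_me}</div>'


def render_profile_escaped(about_me: str) -> str:
    """Hardened view: HTML-escape the untrusted field at output time so
    '<', '>', '&' and quotes are displayed as text, not parsed as tags."""
    return f'<div class="about-me">{html.escape(about_me, quote=True)}</div>'


_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_live_script(rendered_html: str) -> bool:
    """Simple review check: does the rendered page still contain an
    unescaped <script ...> tag? A correct fix must make this return False
    for every stored user-controlled field."""
    return _SCRIPT_TAG.search(rendered_html) is not None


if __name__ == "__main__":
    for name, render in (("unescaped", render_profile_unescaped),
                         ("escaped", render_profile_escaped)):
        page = render(PROFILE_ABOUT_ME)
        print(f"{name}: live script = {contains_live_script(page)}")
        print("  " + page)
```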
Please find the lab description here. The version of HTTP Header Live (v 0.6 - Last Updated April 9, 2018) installed on the VM does not comply with this security guideline, so it was automatically disabled. The issue can be easily resolved by installing the latest version of HTTP Header Live (v 0.6.5.1 - Last Updated May 25, 2019).
Please write your lab report according to the description. Please also list the important code snippets, each followed by your explanation. You will not receive credit if you simply attach code without any explanation. Upload your answers as a PDF to Blackboard.
Most content taken from Wenliang Du.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. A human-readable summary of (and not a substitute for) the license is the following: You are free to copy and redistribute the material in any medium or format. You must give appropriate credit. If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. You may not use the material for commercial purposes.