XSS Shell by Vandan Joshi
1 like•3,854 views
This document discusses cross-site scripting (XSS) and introduces XSSShell, a tool that uses XSS vulnerabilities to execute commands on a victim's browser. It begins with an introduction to XSS and its risks, then outlines XSS types and demonstrates XSSShell by exploiting vulnerabilities in a demo application. The document aims to show how XSSShell works by establishing a server and injecting client-side JavaScript to create an administrative interface that can control infected browsers.
XSS Shell by Vandan Joshi
- 2. Introduction • Consultant – Information Security SecurEyes Techno Services Ltd • MBA in Networks and IT Infrastructure • Learner
- 3. AGENDA • Introduction • XSS Types • XSSShell • Demo
- 4. Cross Site Scripting Included in OWASP top 10 – 2010 Available at owasp.org
- 6. • Very easy to exploit • Widespread • Javascript Exploit • Vulnerable to any platform • Target – Users’ web browser • Considered as a script injection attack • Malicious scripts run onto the other browsers
- 7. Cross Site Scripting • Introduction • Impacts • Remediation that don’t work
- 8. Cross Site Scripting Demo • Reflective XSS • Stored XSS
- 9. • Demo by Hackersbank vulnerable application
- 10. XSS Shell • XSS Shell Server • The client Side Javascript • XSSShell’s Administrative interface
- 11. • XSSShell Demo by BeeF and Hackers Bank Application