To give you a brief overview of Type-1 XSS (reflected XSS):
Reflected attacks are those where the injected code is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other web server. When a user is tricked into clicking on a malicious link or submitting a specially crafted form, the injected code travels to the vulnerable web server, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a ‘trusted’ server.
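The reflection described above, as an added example that is not part of the original post: a constructed search page that echoes the `q` parameter back into its HTML, first as written by a vulnerable handler and then with the parameter HTML-encoded before it enters the markup. The page template, the handler names and the crafted query string are all assumptions made for the illustration; the mitigation (output encoding) is the standard defence, not something the post describes.

```python
import html
from urllib.parse import parse_qs

# Constructed template: the search term is placed inside the response body,
# which is exactly the "search result reflects part of the request" case.
TEMPLATE = (
    "<html><body><h1>Search results</h1>"
    "<p>You searched for: {term}</p></body></html>"
)


def render_search_vulnerable(query_string: str) -> str:
    """Type-1 XSS: the raw 'q' value is copied into the page unchanged."""
    params = parse_qs(query_string)          # percent-decodes the value
    term = params.get("q", [""])[0]
    return TEMPLATE.format(term=term)


def render_search_hardened(query_string: str) -> str:
    """Same page; the value is HTML-encoded so the browser treats it as text."""
    params = parse_qs(query_string)
    term = params.get("q", [""])[0]
    return TEMPLATE.format(term=html.escape(term, quote=True))


def contains_unencoded_script(page: str) -> bool:
    """Crude detection used here only to make the difference visible."""
    return "<script" in page.lower()


if __name__ == "__main__":
    # Constructed crafted link of the kind the post says is delivered by e-mail.
    crafted = "q=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"
    print(render_search_vulnerable(crafted))   # script tag reaches the browser
    print(render_search_hardened(crafted))     # &lt;script&gt;... is shown as text
    print(render_search_hardened("q=shoes"))   # ordinary input is unaffected
```

The hardened version changes nothing for ordinary searches; it only stops request data from being interpreted as markup, which is the property the browser's "it came from a trusted server" reasoning relies on the server to uphold.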
Impact
Typical XSS exploits target the victim's cookies, transmitting them to the attacker so that the attacker can impersonate the victim on the vulnerable site. In general, XSS allows attackers to execute script in the victim's browser, which can:
- Hijack user sessions
- Deface web sites
- Insert hostile content
- Conduct phishing attacks
- Take over the user's browser

A security software engineer on the IE 8.0 team, who works on the XSS Filter, has explained in detail how the filter functions:

XSS Filter -- How it Works
The XSS Filter operates as an IE8 component with visibility into all requests / responses flowing through the browser. When the filter discovers likely XSS in a cross-site request, it identifies and neuters the attack if it is replayed in the server's response. Users are not presented with questions they are unable to answer – IE simply blocks the malicious script from executing. With the new XSS Filter, IE8 Beta 2 users encountering a Type-1 XSS attack will see a notification like the following:
The page has been modified and the XSS attack is blocked. In this case the XSS Filter has identified a cross-site scripting attack in the URL. It has neutered this attack as the identified script was replayed back into the response page. In this way the filter is effective without modifying an initial request to the server or blocking an entire response.