Wednesday, January 30, 2008

We need to secure gnizr

Since I have a little web-security background, I thought I would assess the security built into this application. It turns out that it fails even the most basic XSS test.

Web 2.0 depends on the combined contributions of all users of the internet, which makes it all the more necessary that we respect their privacy and secure their accounts.

Demo
This is the simplest possible form of XSS.


4 comments:

Harry Chen said...

Kishor,

Thank you for spotting this issue. I think you are right that we should perform additional security tests against gnizr.

I will submit the problem you have reported in the gnizr Issue Tracker.

I took a look at your JavaScript code. Executing it only reveals some cookie information that is expected to be readable by the end users. No remote database information is being revealed or modified. If you can find other ways to corrupt gnizr DB on the remote server or catch other user login info, please let me know.

Kishor said...

Imagine what will happen if you click on the link that I sent you. I will be able to read YOUR session cookie and steal it. The demo does not show the stealing part of it. This is how XSS works: it almost always tries to steal session info from the client side.

Harry Chen said...

Okay. If my understanding is correct, this is how you can steal my login information...

1) Extend your JavaScript program to include some mechanism to send my cookie info to a remote host.

2) Publish a link to the new JavaScript program somewhere on the Web. For example, in a blog post or as a gnizr bookmark.

3) If by accident I click on that link, my cookie info will be automatically sent to the remote host. That's how you can steal my login info.

Am I correct?

Kishor said...

Yeah, that's right.