Cross Site Scripting

Cross Site Scripting (XSS) is the name of one of the most common vulnerabilities in web applications. It's third in the list in the newest OWASP Top Ten document, so it's essential to know how it works.

Browsers display the content of a website using a mix of HTML (HyperText Markup Language, which is the core of a webpage) and JavaScript, which is responsible for making things run in response to events (like clicking a button). Of course there are other essential elements, like CSS to style the webpage, but in order to perform an XSS attack we will only need HTML and JavaScript.

The essence of an XSS attack is to inject some malicious code (for example JavaScript or another scripting language that can be opened in a browser) into the browser of a client using a vulnerable web application. That way, an attacker has the ability to execute any malicious code in the victim's browser.

But why is it so powerful? Let's consider this example: you're running a simple WordPress website with a small audience. As you don't want spammers to make comments under your posts, you enable the option to only publish comments allowed by yourself. In the meantime, some malicious hacker wants to destroy your webpage (who knows why, but there are still people like that). He first tests whether you really have to allow comments, and then injects into the comment box malicious JavaScript code that will steal cookies and send them to him. Now, as you've got a notification that someone published a new comment, you open the WordPress admin page to see what someone has written. The moment you view this comment, the malicious code steals your admin cookie and sends it to the attacker. A few hours later your site has been pwned.

Powerful, right? But enough story time for today, let's jump into some technical details.

Buffer Overflow

Exploiting a buffer overflow vulnerability is very creative and a bit difficult to understand, as it takes knowledge of many different parts of computer technology to understand and pull off an attack. But once mastered, it's a powerful skill, as there are still programs with that kind of vulnerability. In addition, it lets you better understand how computers and programs work.

Let's explore this topic together!

Content

  1. Introduction
  2. Memory
  3. Registers
  4. Buffer Overflow

Hash Functions

A hash function is a function that takes an input value and from that input creates an output value different from the input. For any input value x, you will always receive the same output value y whenever the hash function is run.

f(x) = y

Diffie-Hellman and PGP

Alice and Bob - two friends from IRC (Internet Relay Chat) - just learned about this powerful cipher that no computer can ever crack. As they're concerned about the privacy of their conversations, they want to implement it for everyday use. But they encountered one problem - they need to come up with a secret key, and as they are living 13516 km from each other they just can't talk about it in real life. They need to come up with a key through their messages. That's where Diffie-Hellman key exchange comes in.