Why XSS Vulnerabilities Do Matter…
“What matters in the end is that these products aren’t “defective” and not even truly insecure. They’ve been modified the way the language allows for them to be modified, no more no less.” – http://neosmart.net/blog/archives/194
I really like to temper my posts with politeness and general levels of respect, but I simply cannot in this case. Neosmart.com’s objections that XSS really is not a vulnerability are both ludicrous and dangerous.
First, the insinuation above that “they have been modified the way the language allows for them to be modified” is true, but it is certainly not an accurate measure of vulnerability. Any language can be exploited if it can be used by another party against the owner’s permission. The languages in question (server scripting technologies + HTML + JavaScript) offer tools to set and close these permissions. An XSS vulnerability is an exploit of a failure to use those tools to close the permissions appropriately.
Secondly, a vulnerability needn’t only impact the security of a server, but could impact the security of the company it represents…
“a tool in social engineering attacks and can never compromise the security of a server/host under any conditions nor that of an end-user on its own.” – http://neosmart.net/blog/archives/194
While an XSS vulnerability cannot take down your site, it can take down your company – without the user ever entering any data. Using XSS to perform HTML injection is a powerful method to make a site appear to say or do something that it does not. For example, one could use XSS to make a site appear to have pornographic material on it, killing its industry reputation. You could use XSS to make sites appear to have doorway pages on them to “Googlebowl”.
What is really at the heart of this, though, is HTML injection. The problem is not JavaScript or bad browsers; it is careless programmers who do not sanitize input and output.
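To make the “close the permissions” and “sanitize output” points concrete, here is an added example (not code from the original post or from neosmart.net): a page fragment built by raw string concatenation next to the same fragment with untrusted values HTML-encoded for their context, plus a small check that reports any user-supplied tag that survived into the rendered output. The sample comment string is constructed for the example; the function names are the example’s own.

```python
import html
import re

# Constructed sample input (not from the page): a comment body a visitor might submit.
SAMPLE_INPUT = '<img src=x onerror="alert(1)">Great post!'

# A tag-shaped run of markup; good enough to compare what went in with what came out.
TAG_RE = re.compile(r"<[a-zA-Z/!][^>]*>")


def render_unsafe(comment: str) -> str:
    """The HTML injection bug: the untrusted value is dropped into the page verbatim,
    so any markup it carries becomes part of the document."""
    return f'<p class="comment">{comment}</p>'


def render_safe(comment: str) -> str:
    """Same fragment, but the value is encoded for the HTML text-node context.
    '<', '>', '&' and quotes become entities, so the browser renders them as text."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attr_safe(value: str) -> str:
    """Quoted-attribute context: encoding the quotes keeps the value inside the
    attribute instead of letting it terminate the attribute and start a new one."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def tags_in(markup: str) -> list:
    """All tag-shaped tokens in a string, lower-cased for comparison."""
    return [m.group(0).lower() for m in TAG_RE.finditer(markup)]


def leaked_tags(user_input: str, rendered: str) -> list:
    """Defender-side check: which tags from the user input appear unchanged in the
    rendered output? An empty list means the output encoding did its job."""
    rendered_tags = set(tags_in(rendered))
    return [t for t in tags_in(user_input) if t in rendered_tags]


if __name__ == "__main__":
    print("unsafe :", leaked_tags(SAMPLE_INPUT, render_unsafe(SAMPLE_INPUT)))
    print("safe   :", leaked_tags(SAMPLE_INPUT, render_safe(SAMPLE_INPUT)))
    print(render_attr_safe('" onmouseover="alert(1)'))
```

The encoding has to match the context the value lands in: `html.escape` is correct for text nodes and quoted attributes, but a value placed inside a `<script>` block, a URL, or a CSS rule needs that context’s own encoder, and a value placed in an unquoted attribute cannot be made safe by entity-encoding alone.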
>> While an XSS vulnerability cannot take down your site
Where did you hear that? XSS vulnerabilities can take down your site or your whole server or even more. Search for “phpbb worm” for a good example.