Aerosol

HTML5 Modern Day Attack And Defence Vectors


Table of Contents
Abstract
1. Introduction
1.1 Form Validation in HTML 4
1.2 Form Validation in HTML5
2. HTML5 Security Concerns
2.1 Web Storage Attacks
3.1 Session Storage
3.2 Local Storage
3.3 localStorage API
3.3.1 Adding an Item
3.3.2 Retrieving Items
3.3.3 Removing an Item
3.3.4 Removing All Items
3.4 Session Storage API
3.4.1 Adding An Item
3.4.2 Retrieving An Item
3.4.3 Removing An Item
3.4.4 Removing All Items
3.5 Security Concerns with Web Storage in HTML5
3.6 Stealing Local Storage Data via XSS
3.7 Stored DOM Based XSS Attacks
3.8 Example of a DOM Based XSS
4. WebSockets Attacks
4.1 Security Concerns of WebSockets Attacks
4.1.1 Denial of Service Issues
4.1.2 Denial of Service on the Client Side
4.1.3 Denial of Service on the Server Side
4.1.4 Data Confidentiality Issues
4.1.5 Cross-Site Scripting Issues in WebSocket
4.1.6 WebSocket Cross-Site Scripting Proof of Concept
4.1.7 Proof of Concept of WebSocket XSS
4.1.8 Origin Header
5. XSS with HTML5 Vectors
5.1 Case 1 – Tags Blocked
5.2 Case 2 - Attribute Context
5.2.1 Example
5.3 Case 3 – Formaction attribute
6. Cross Origin Resource Sharing (CORS)
6.1 What is an Origin?
6.2 Crossdomain.xml
6.3 What is CORS?
6.3.1 Example
6.3.2 Security Issue
6.3.3 Example
6.3.4 Example
6.3.5 Proof of Concept
7. GeoLocation API
7.1 Introduction
7.2 Security Concerns
7.2.1 Example
7.2.2 Proof of Concept
7.2.3 Chrome
7.2.4 Firefox
8. Client Side RFI Includes
8.1 Vulnerability Example
8.2 Example
8.3 Request
8.4 Safer Example
8.5 Open Redirects
8.5.1 Example
9. Cross Window Messaging
9.1 Sender’s Window
9.2 Receiver’s Window
9.3 Security Concerns
9.3.1 Origin not being checked
9.3.2 Impact
9.3.3 DOM Based XSS
9.3.4 Vulnerable Code
10. Sandboxed Iframes
10.1 Security Concerns
11. Offline Applications
11.1 Example
11.2 Security Concerns
12. WebSQL
12.1 Security Concerns
12.2 SQL Injection
12.3 Insecure Statement
12.4 Secure Statement
12.5 Cross Site Scripting
12.5.1 Example
13. Scalable Vector Graphics
14. Webworkers
14.1 Creating a Webworker
14.1.1 Sending/Receiving a Message to/from Webworker
14.2 Cross Site Scripting Vulnerability
14.2.1 Example
14.3 Distributed Denial of Service Attacks
14.4 Distributed Password Cracking
15. Stealing Personal Data Stored With Autocomplete Function
15.1 Example: Autocomplete Attribute in Action
16. Scanning Private IP Addresses
16.1 WebRTC
17. Security Headers to Enhance Security with HTML5
17.1 X-XSS-Protection
17.2 X-Frame-Options
17.3 Strict-Transport-Security
17.3.1 Example
17.4 X-Content-Type-Options
17.4.1 Example
17.4.2 Example
17.5 Content-Security-Policy
17.5.1 Sample CSP
Acknowledgements
References

Copyright © 2014 RHA InfoSEC. All rights reserved.

Read more: http://dl.packetstormsecurity.net/papers/attack/HTML5AttackVectors_RafayBaloch_UPDATED.pdf
