Jump to content
Sign in to follow this  
Aerosol

HTML5 Modern Day Attack And Defence Vectors

Recommended Posts

Table of Contents
Abstract.........................................................................................................................................................1
1. Introduction..........................................................................................................................................2
1.1 Form Validation in HTML 4 ...........................................................................................................2
1.2 Form Validation in HTML5 ............................................................................................................3
2. HTML5 Security Concerns.....................................................................................................................4
2.1 Web Storage Attacks.....................................................................................................................4
3.1 Session Storage .............................................................................................................................5
3.2 Local Storage.................................................................................................................................5
3.3 localStorage API ............................................................................................................................6
3.3.1 Adding an Item..................................................................................................................6
3.3.2 Retrieving Items................................................................................................................6
3.3.3 Removing an Item .............................................................................................................6
3.3.4 Removing All Items............................................................................................................6
3.4 Session Storage API.......................................................................................................................7
3.4.1 Adding An Item..................................................................................................................7
3.4.2 Retrieving An Item.............................................................................................................7
3.4.3 Removing An Item.............................................................................................................7
3.4.4 Removing All Items............................................................................................................7
3.5 Security Concerns with Web Storage in HTML5 ...........................................................................7
3.6 Stealing Local Storage Data via XSS ..............................................................................................8
3.7 Stored DOM Based XSS Attacks....................................................................................................9
3.8 Example of a DOM Based XSS .....................................................................................................10
4. WebSockets Attacks ...........................................................................................................................11
4.1 Security Concerns of WebSockets Attacks..................................................................................11
4.1.1 Denial of Service Issues...................................................................................................11
4.1.2 Denial of Service on the Client Side ................................................................................11
4.1.3 Denial of Service on the Server Side ...............................................................................12
4.1.4 Data Confidentiality Issues..............................................................................................12
4.1.5 Cross-Site Scripting Issues in WebSocket........................................................................13
4.1.6 WebSocket Cross-Site Scripting Proof of Concept..........................................................13
4.1.7 Proof of Concept of WebSocket XSS ...............................................................................14
4.1.8 Origin Header..................................................................................................................15
5. XSS with HTML5 Vectors.....................................................................................................................16
5.1 Case 1 – Tags Blocked .................................................................................................................16
5.2 Case 2 - Attribute Context...........................................................................................................16
5.2.1 Example...........................................................................................................................16
5.3 Case 3 – Formaction attribute ....................................................................................................18
6. Cross Origin Resource Sharing (CORS)................................................................................................19
6.1 What is an Origin?.......................................................................................................................19
6.2 Crossdomain.xml.........................................................................................................................19
6.3 What is CORS?.............................................................................................................................20
6.3.1 Example...........................................................................................................................20
6.3.2 Security Issue...................................................................................................................20
6.3.3 Example...........................................................................................................................20
6.3.4 Example...........................................................................................................................20
6.3.5 Proof of Concept .............................................................................................................22
7. GeoLocation API..................................................................................................................................23
7.1 Introduction ................................................................................................................................23
7.2 Security Concerns........................................................................................................................23
7.2.1 Example...........................................................................................................................23
7.2.2 Proof of Concept .............................................................................................................24
7.2.3 Chrome............................................................................................................................24
7.2.4 Firefox..............................................................................................................................24
8. Client Side RFI Includes.......................................................................................................................26
8.1 Vulnerability Example .................................................................................................................26
8.2 Example.......................................................................................................................................27
8.3 Request .......................................................................................................................................28
8.4 Safer Example .............................................................................................................................28
8.5 Open Redirects............................................................................................................................29
8.5.1 Example...........................................................................................................................29
9. Cross Window Messaging...................................................................................................................30
9.1 Sender’s Window........................................................................................................................30Copyright© 2014 RHA InfoSEC. All rights reserved. Page iv
9.2 Receiver’s Window......................................................................................................................30
9.3 Security Concerns........................................................................................................................31
9.3.1 Origin not being checked ................................................................................................31
9.3.2 Impact .............................................................................................................................31
9.3.3 DOM Based XSS...............................................................................................................31
9.3.4 Vulnerable Code..............................................................................................................32
10. Sandboxed Iframes.............................................................................................................................33
10.1 Security Concerns........................................................................................................................33
11. Offline Applications ............................................................................................................................34
11.1 Example.......................................................................................................................................34
11.2 Security Concerns........................................................................................................................35
12. WebSQL ..............................................................................................................................................37
12.1 Security Concerns........................................................................................................................37
12.2 SQL Injection ...............................................................................................................................37
12.3 Insecure Statement.....................................................................................................................37
12.4 Secure Statement........................................................................................................................38
12.5 Cross Site Scripting......................................................................................................................39
12.5.1 Example...........................................................................................................................40
13. Scalable Vector Graphics....................................................................................................................41
14. Webworkers........................................................................................................................................44
14.1 Creating a Webworker................................................................................................................44
14.1.1 Sending/Receiving a Message to/from Webworker.......................................................44
14.2 Cross Site Scripting Vulnerability ................................................................................................46
14.2.1 Example...........................................................................................................................46
14.3 Distributed Denial of Service Attacks..........................................................................................47
14.4 Distributed Password Cracking ...................................................................................................50
15. Stealing Personal Data Stored With Autocomplete Function ............................................................52
15.1 Example: Autocomplete Attribute in Action...............................................................................52
16. Scanning Private IP Addresses............................................................................................................54
16.1 WebRTC.......................................................................................................................................54
17. Security Headers to Enhance Security with HTML5 ...........................................................................56
17.1 X- XSS-Protection ........................................................................................................................56
17.2 X-Frame-Options.........................................................................................................................56
17.3 Strict-Transport-Security.............................................................................................................57
17.3.1 Example...........................................................................................................................58
17.4 X-Content-Type-Options.............................................................................................................58
17.4.1 Example...........................................................................................................................58
17.4.2 Example...........................................................................................................................59
17.5 Content-Security-Policy ..............................................................................................................59
17.5.1 Sample CSP......................................................................................................................60
Acknowledgements.....................................................................................................................................61
References ..................................................................................................................................................62

Read more: http://dl.packetstormsecurity.net/papers/attack/HTML5AttackVectors_RafayBaloch_UPDATED.pdf

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...