{"id":3810,"date":"2020-10-14T11:25:00","date_gmt":"2020-10-14T11:25:00","guid":{"rendered":"http:\/\/the-codest.localhost\/blog\/web-app-security-xss-vulnerability\/"},"modified":"2026-04-27T10:24:05","modified_gmt":"2026-04-27T10:24:05","slug":"oryggi-vefumsokna-xss-veikleiki","status":"publish","type":"post","link":"https:\/\/thecodest.co\/is\/blog\/web-app-security-xss-vulnerability\/","title":{"rendered":"\u00d6ryggi vefums\u00f3kna \u2013 XSS-veikleiki"},"content":{"rendered":"

\u00c1r\u00e1sarsenari<\/h2>\n\n\n\n
    \n
  1. \u00c1r\u00e1sandinn finnur XSS-veikleika \u00e1 vefs\u00ed\u00f0u sem f\u00f3rnarlambi\u00f0 notar, t.d. vefs\u00ed\u00f0u banka.<\/li>\n\n\n\n
  2. \u00deolandi er n\u00fa innskr\u00e1\u00f0ur \u00e1 \u00feessa s\u00ed\u00f0u<\/li>\n\n\n\n
  3. \u00c1r\u00e1sandinn sendir f\u00f3rnarlambinu tilb\u00fana vefsl\u00f3\u00f0.<\/li>\n\n\n\n
  4. Brota\u00feoli smellir \u00e1 vefsl\u00f3\u00f0ina.<\/li>\n\n\n\n
  5. \u00c1 f\u00f3rnarlambsins banki<\/a> vefs\u00ed\u00f0a, JavaScript<\/a> k\u00f3\u00f0i<\/a> byrjar a\u00f0 framkv\u00e6ma til a\u00f0 st\u00f6\u00f0va notandans g\u00f6gn<\/a> e\u00f0a framkv\u00e6ma millif\u00e6rslu fyrir hans h\u00f6nd \u00e1 reikning \u00e1r\u00e1sara\u00f0ilans<\/li>\n<\/ol>\n\n\n\n

    \u00dea\u00f0 er vert a\u00f0 taka fram a\u00f0 a\u00f0ger\u00f0ir sem framkv\u00e6mdar eru fyrir h\u00f6nd f\u00f3rnarlambsins geta veri\u00f0 \u00f3s\u00fdnilegar f\u00f3rnarlambinu, \u00fear sem \u00fe\u00e6r geta \u00e1tt s\u00e9r sta\u00f0 \u00ed bakgrunni me\u00f0 \u00fev\u00ed a\u00f0 nota bankans forritaskil<\/a>, e\u00f0a \u00e1r\u00e1sara\u00f0ilinn getur framkv\u00e6mt \u00fe\u00e6r s\u00ed\u00f0ar me\u00f0 g\u00f6gnum sem \u00fearf til au\u00f0kenningar, tokenum, k\u00f6kum o.s.frv.<\/p>\n\n\n\n

    XSS-ger\u00f0ir<\/h2>\n\n\n\n

    1. Endurvarpa\u00f0 XSS <\/h3>\n\n\n\n

    \u00deetta er d\u00e6mi \u00fear sem HTML\/JavaScript k\u00f3\u00f0i sem er \u00ed hva\u00f0a breytu sem er (t.d. GET, POST e\u00f0a cookie) birtist \u00ed svari.<\/p>\n\n\n\n

    S\u00ed\u00f0a me\u00f0 textareit til a\u00f0 leita a\u00f0 einhverju sem setur breytuna ?leit=foo<\/code> \u00ed loka hluta vefsl\u00f3\u00f0arinnar \u00feegar API-i\u00f0 er fyrirspurt. Eftir a\u00f0 hafa slegi\u00f0 inn hva\u00f0a or\u00f0asamband sem er, ef \u00fea\u00f0 finnst ekki, er skila\u00f0 skilabo\u00f0um \u00ed HTML, t.d.<\/p>\n\n\n\n

    <div>Engar niðurstöður fundust fyrir <b>fóó<\/b><\/div><\/code><\/pre>\n\n\n\n
    Vi\u00f0 getum reynt a\u00f0 setja inn vefsl\u00f3\u00f0ina. ?search=<\/code>..<\/p>\n\n\n\n
    2.DOM XSS <\/h3>\n\n\n\n
    \u00deetta er \u00feegar framkv\u00e6md hennar er ger\u00f0 m\u00f6guleg me\u00f0 notkun h\u00e6ttulegra fallanna \u00ed JavaScript, svo sem meta<\/code> e\u00f0a innri HTML<\/code>. \u201cLive d\u00e6mi\u00f0\u201d h\u00e9r a\u00f0 ne\u00f0an s\u00fdnir DOM XSS-\u00e1r\u00e1s bygg\u00f0a \u00e1 innri HTML<\/code> falli.<\/p>\n\n\n\n
    3. Geymdur XSS <\/h3>\n\n\n\n
    \u00deetta er d\u00e6mi um \u00feegar illgjarn k\u00f3\u00f0i er skrifa\u00f0ur \u00e1 \u00fej\u00f3nahli\u00f0inni. Til d\u00e6mis g\u00e6tum vi\u00f0 sent athugasemd me\u00f0 illgjarnan k\u00f3\u00f0a vi\u00f0 bloggf\u00e6rslu sem er hla\u00f0in upp \u00e1 \u00fej\u00f3ninn. Verkefni hans er til d\u00e6mis a\u00f0 b\u00ed\u00f0a eftir sam\u00feykki stj\u00f3rnanda og stela s\u00ed\u00f0an lotug\u00f6gnum hans o.s.frv.<\/p>\n\n\n\n
    Innd\u00e6lingara\u00f0fer\u00f0ir<\/h2>\n\n\n\n
    1. \u00cd merkis efni<\/p>\n\n\n\n
    `onerror=alert('XSS')`<\/code>\u00ed<\/p>\n\n\n\n
    <img src onerror="alert('XSS')" \/><\/code><\/pre>\n\n\n\n
    2. \u00cd efni eiginleikans<\/p>\n\n\n\n
    \" onmouseover=alert('XSS')<\/code> \u00ed<\/p>\n\n\n\n
    <div class="" onmouseover="alert('XSS')""><\/div><\/code><\/pre>\n\n\n\n
    <\/p>\n\n\n\n
      \n
    1. \u00cd efni eiginleikans \u00e1n g\u00e6salappa<\/li>\n<\/ol>\n\n\n\n
      x onclick=alert('XSS')<\/code>\u00ed<\/p>\n\n\n\n
      <div class="x" onclick="alert('XSS')"><\/div><\/code><\/pre>\n\n\n\n
      <\/p>\n\n\n\n
        \n
      1. \u00cd tengill<\/code>ef-eiginleiki<\/li>\n<\/ol>\n\n\n\n
        javascript:alert('XSS')<\/code> \u00ed<\/p>\n\n\n\n
        <a href="javascript:alert('XSS')"><\/a><\/code><\/pre>\n\n\n\n
        <\/p>\n\n\n\n
          \n
        1. \u00cd strengnum inni \u00ed JavaScript k\u00f3\u00f0a<\/li>\n<\/ol>\n\n\n\n
          \";alert('XSS')\/\/<\/code> \u00ed<\/p>\n\n\n\n
          <script>let username=\"\";alert('XSS')\/\/\";<\/script><\/code><\/pre>\n\n\n\n
            \n
          1. \u00cd eiginleikanum me\u00f0 JavaScript-atbur\u00f0inum<\/li>\n<\/ol>\n\n\n\n
            ');alert('XSS')\/\/<\/code> hvar og #39;<\/code> er eint\u00f6kul\u00f3\u00f0, inn \u00ed<\/p>\n\n\n\n
            <div onclick="change('&#39;);alert('XSS')\/\/')">Jón<\/div><\/code><\/pre>\n\n\n\n
            <\/p>\n\n\n\n
              \n
            1. \u00cd tengill<\/code> Eiginleiki innan JavaScript-samskiptapr\u00f3t\u00f3kollsins<\/li>\n<\/ol>\n\n\n\n
              );alert(1)\/\/<\/code> hvar %27<\/code> er eint\u00f6kul\u00f3\u00f0, inn \u00ed<\/p>\n\n\n\n
              <a href="javascript:change('%27);alert(1)\/\/')">smelltu<\/a><\/code><\/pre>\n\n\n\n

               <\/code><\/p>\n\n\n\n
              L\u00edfs d\u00e6mi<\/h3>\n\n\n\n
              \n