Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns
Proceedings of the 14th European Workshop on Systems Security, 2021-04-26
DOI: 10.1145/3447852.3458718 (https://doi.org/10.1145/3447852.3458718)
Citations: 9
Abstract
Since the invention of JavaScript 25 years ago, website functionality has been continuously shifting from the server-side to the client-side. Web browsers have evolved into an application platform, and HTML5 emerged as a first-class environment for building rich cross-platform applications. This additional functionality on the client-side comes with the added risk of new security issues with increasingly severe consequences. In this work, we investigate the prevalence of DOM-based Cross-Site Scripting (DOM-based XSS) in the top 100,000 most popular websites using a novel targeted exploit generation technique based on dynamic data-flow tracking. In total, this work finds 15,710 potentially insecure dataflows where information from the URL is injected into the HTML of the Web page. Using large-scale exploit generation and validation services, 7199 of these flows lead to JavaScript execution, across 711 different domains. This represents a successful exploit rate of 45.82%, improving on previous methods by factors of 1.8 and 1.9 respectively.