XCS: cross channel scripting and its impact on web applications
Authors: H. Bojinov, E. Bursztein, and D. Boneh
Abstract:
We study the security of embedded web servers used in con- sumer
electronic devices, such as security cameras and photo frames, and for
IT infrastructure, such as wireless access points and lights-out
management systems. All the devices we examine turn out to be
vulnerable to a variety of web attacks, including cross site scripting
(XSS) and cross site request forgery (CSRF). In addition, we show that
consumer electronics are particularly vulnerable to a nasty form of
persistent XSS where a non-web channel such as NFS or SNMP is used to
inject a malicious script. This script is later used to attack an
unsuspecting user who connects to the device's web server. We refer to
web attacks which are mounted through a non-web channel as cross
channel script- ing (XCS). We propose a client-side defense against
certain XCS which we implement as a browser extension.
Reference:
In proceedings of the 16'th ACM conference on Computer and
Communications Security (CCS), 2009.
Full paper: pdf
Related papers: See our presentation in BlackHat USA 2009 and a report in The Register about this work.