XCS: cross channel scripting and its impact on web applications

Authors: H. Bojinov, E. Bursztein, and D. Boneh

We study the security of embedded web servers used in con- sumer electronic devices, such as security cameras and photo frames, and for IT infrastructure, such as wireless access points and lights-out management systems. All the devices we examine turn out to be vulnerable to a variety of web attacks, including cross site scripting (XSS) and cross site request forgery (CSRF). In addition, we show that consumer electronics are particularly vulnerable to a nasty form of persistent XSS where a non-web channel such as NFS or SNMP is used to inject a malicious script. This script is later used to attack an unsuspecting user who connects to the device's web server. We refer to web attacks which are mounted through a non-web channel as cross channel script- ing (XCS). We propose a client-side defense against certain XCS which we implement as a browser extension.

In proceedings of the 16'th ACM conference on Computer and Communications Security (CCS), 2009.

Full paper: pdf

Related papers: See our presentation in BlackHat USA 2009 and a report in The Register about this work.