
Privilege Escalation & Cross-site Scripting


Part 3 – 1: Terms and Definitions for Privilege Escalation & Cross-site Scripting

| Term | Definition |
| --- | --- |
| Privilege Escalation | Attacker gains the rights of a more privileged account |
| Cross-site Scripting Attack | Attacker injects client-side scripts into web pages viewed by other users |
| Stored XSS Attack | Malicious script is injected directly into a vulnerable web application, such as the server, instead of the webpage |
| Reflected XSS Attack | Malicious script is reflected off of a web application to the victim’s browser |

Permissions in a user database help categorize who can access what on a system. By default, the admin account holds the highest level of Windows-based permissions, which grants full use of the system at the OS level. In Active Directory, multiple admin levels are provided, such as an AD admin, who manages the Active Directory system for user logins, and a domain admin, who can make changes to the domain such as adding a computer to the network. In a privilege escalation attack, an attacker tries to use malware or a vulnerability that allows their permissions to be escalated to an admin level. The attacker could then make changes to a system just as an admin user could. Vulnerabilities that allow this type of attack are patched fairly quickly, but other times the cause could be an issue with a vendor device or software.

Cross-site scripting attacks follow a process similar to privilege escalation attacks. A cross-site scripting (XSS) attack relies on injecting malicious script into user-provided input on a website. Two common cross-site scripting attacks are stored and reflected attacks.

Stored XSS Attack: If we use a website that allows user input to add items to a backend database, we can manipulate the add feature to run a stored script. When the option is provided to enter something into an input field, we can use a short script for the input instead of something legitimate like “hairbrush” or “food”. Once the script is entered, it runs every time a user visits the website.

Reflected XSS Attack: Reflected attacks rely on a malicious script to redirect the user to an infected site or the attacker's website. Think of this as a redirection link attack.
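
The stored and reflected cases above come down to user input reaching the page as markup, and the fix for both is to encode the value on output. The following is an added example, not code from the original post; the in-memory item list, the function names and the sample input are assumptions constructed for illustration.

```javascript
// Added example: in-memory stand-in for the backend database (hypothetical).
const items = [];

// Store user input unchanged; the defence is applied when the value is output.
function addItem(name) {
  items.push(String(name));
}

// Encode the five characters that let text break out of HTML content
// or a quoted attribute value. Single pass, so "&" is never double-encoded.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// VULNERABLE (stored XSS): stored values are concatenated into the page as markup.
function renderListUnsafe() {
  return "<ul>" + items.map((i) => "<li>" + i + "</li>").join("") + "</ul>";
}

// HARDENED: every stored value is encoded before it reaches the page.
function renderListSafe() {
  return "<ul>" + items.map((i) => "<li>" + escapeHtml(i) + "</li>").join("") + "</ul>";
}

// VULNERABLE (reflected XSS): a request parameter is echoed straight back.
function renderSearchUnsafe(query) {
  return "<p>Results for: " + query + "</p>";
}

// HARDENED: the same echo with output encoding.
function renderSearchSafe(query) {
  return "<p>Results for: " + escapeHtml(query) + "</p>";
}

// Constructed sample input: one legitimate item and one script marker.
const SAMPLE = "<script>alert(1)</script>";
addItem("hairbrush");
addItem(SAMPLE);

console.log(renderListUnsafe()); // script tag reaches the page intact
console.log(renderListSafe());   // script tag is shown as inert text
console.log(renderSearchSafe(SAMPLE));
```

In the hardened output the browser displays the stored value as text instead of executing it, so a legitimate entry such as "hairbrush" renders the same either way.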