- Aureliano Calvo and Diego Tiscornia
- Corelabs Technical Report.
- cross-site scripting, penetration testing
In this work we analyze the problems underlying exploitation and post-exploitation in the web application scenario. We present a prototype that enables an attacker to use a cross-site scripting vulnerability to gain different levels of access, up to complete control of the victim's computer. We also describe several problems associated with payload engineering and use the agent concept to model an attack. This paper is divided into three parts. First, we review the structure of two agents, the syscall-proxying agent and the SQL agent. In the second part we analyze cross-site scripting vulnerabilities and present a new kind of agent that is used to handle attacks exploiting this vulnerability. We also show how to use this agent to perform different post-exploitation tasks, including, in some cases, total control of the attacked hosts. In the third part we return to the different agent types and present a uniform analysis by dividing each of them into client, channel and back-end.