XSSER: From XSS to RCE 3.0

Transcript

1. XSSER: From XSS to RCE 3.0 OWASP Copenhagen Chapter 28

   March 2019

2. About me ➢ ISP Red Team – Copenhagen ➢ Presented

   at Black Hat Europe, Kiwicon, Hack in the Box, etc. ➢ Full-time security consultant career began in Sydney, Australia

3. Shodan: port:80

4. How many web servers globally? ➢ 85 million approximately (Shodan

   – Port:80) How many of them run PHP? ➢ 8.1 million approximately (Shodan – PHP) However..

5. What about virtual hosting? ➢ 1.4 billion websites ➢ 232

   million unique domains ➢ 27 million websites running WordPress That’s a lot more attack surface for adversaries (Netcraft March 2019 Survey)

6. Classic XSS Attacks ➢ Cookie Stealing ➢ Prevented by “HttpOnly”

   flag ➢ Defacements ➢ Phishing ➢ Session Hijacking (e.g. BeEF, XSSER, etc.)
7. None
8. None
9. None
10. None

11. XSSER

12. XSSER What and why? ➢ Can automate XSS attacks to

    obtain RCE ➢ Meant for educational purposes ➢ Fully open source and available on GitHub

13. Demo

14. References https://github.com/Varbaek/xsser https://shodan.io https://news.netcraft.com/archives/cat egory/web-server-survey/

15. Questions?