Image

Cross Site Port Attack XSPA

  • Published On: October 06, 2018 Updated On: November 06, 2023

Contents:

  • Introduction
  • Using Burp Suite Tool
  • Mitigationns For Xspa
  • Conclusion
  • How Briskinfosec Helps You?
  • Curious To Read Our Case Studies?
  • Last But Not The Least
  • You May Be Interested On

Introduction:

A web application is helpless against Cross Site Port Attack if it forms client provided URLs and does not disinfect the backend reaction obtained from remote servers previously, while sending it back to the client. The responses in specific cases can be concentrated to distinguish benefit accessibility (port status, flags), and even bring information from remote administrations in unique ways.

Detecting a potential XSPA vulnerability is very simple, if the web app takes URL as input and tries to make it connect to the port. If it analyses the output, then the vulnerability is confirmed. XSPA attack has been attempted on this testing app http://testphp.vulnweb.com/.

Once I visited this testing site, I had selected the image categories option on the site as follows:

image

Later I have selected the required image file it takes me to the URL as follow

Using Burp Suite Tool:

image

Once I visited this site, I started to capture the backend response using Burp Suite tool.

Burp Suite is a graphical tool for testing Web application security, and was mainly developed to provide a comprehensive solution for web application security checks. In addition to this basic functionality, it has some extra features such as proxy server, scanner and intruder. The tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.

I have cross checked this site using my localhost with some ports and had then captured the response in Burp Suite. By this method, we can precisely analyse the response for each port.

image

Here, I have captured the response of the image URL and had cross checked it with my localhost using port 80 (HTTP), and I can see the response 200 OK (Normal response).

image

Once, it fetches the average result, you can also confirm this for other ports like 22 (SSH), 21 (FTP), 25 (SMTP), 8080 (HTTPs), and you can check the result in browser as well.

During Port analysis, if any required port is closed, it fetches the result like:

imageIt also shows the response of 200, but it displays some warning like (failed to open) or connection refused, etc. If it shows this case of errors, then you can confirm that the port is closed.

image

The above screenshot shows the different case of the port being opened and closed, but it shows the result without exposing the attackers IP on the server logs. Most significantly, it also reveals the backend service running on SSH.

Mitigations For XSPA Attack:

  • Unauthorized URLs access should be restricted.
  • Restrict connectivity to the internal ports.
  • Blacklist strange IP addresses.
  • Disable unwanted protocols and services.
  • You can block your ports using firewall for better security. 

Conclusion:

XSPA vulnerability attack is mainly used to perform port scanning of a target using another vulnerable website. An attacker can also perform a DOS attack, Code Execution, and other major attacks on other vulnerable websites.

How Briskinfosec Helps You?

Briskinfosec disables the unwanted protocols and services by scrutinized security testing. We help in implementing competent firewall and monitor the incoming logs. If our scrutinised security assessments prove them to be suspicious, the signals get jeopardised. If valid, then they’re allowed. Further, effective input validation of URL is also performed. We also deliver practical awareness notions of other such attacks.

Curious to read our case studies?

All our clients know how much successful we are with our security assessments. The main reason for us to be refereed as the most successful cybersecurity organisation compared with many, is the way we perform our security assessments. Check out our case studies to know the way we rise and shine, beyond the hurdles of hackers.   

Last but not the least:

Countless number of cyberattacks happen everyday, and almost everywhere. Moreover, catching sight of all those attacks and acknowledging them, with none being missed, is close to impossible. But, our Threatsploit Adversary report gets you the chance of having a glance at the most dreadful and recent cyberattacks that have happened worldwide, along with the companies affected, the type of loss faced, and much more in a single click. What else are you waiting for? Just check our report now!

You may be interested on: