HomeBlog → Cross Site Port Attack XSPA
Web Application Security

Cross Site Port Attack XSPA

October 06, 2018
4 min read
10,759 Views
Cross Site Port Attack XSPA

Contents:

  • Introduction
  • Using Burp Suite Tool
  • Mitigationns For Xspa
  • Conclusion
  • How Briskinfosec Helps You?
  • Curious To Read Our Case Studies?
  • Last But Not The Least
  • You May Be Interested On

Introduction:

A web application is helpless against Cross Site Port Attack if it forms client provided URLs and does not disinfect the backend reaction obtained from remote servers previously, while sending it back to the client. The responses in specific cases can be concentrated to distinguish benefit accessibility (port status, flags), and even bring information from remote administrations in unique ways.

Detecting a potential XSPA vulnerability is very simple, if the web app takes URL as input and tries to make it connect to the port. If it analyses the output, then the vulnerability is confirmed. XSPA attack has been attempted on this testing app http://testphp.vulnweb.com/.

Once I visited this testing site, I had selected the image categories option on the site as follows:

image

Later I have selected the required image file it takes me to the URL as follow

Using Burp Suite Tool:

image

Once I visited this site, I started to capture the backend response using Burp Suite tool.

Burp Suite is a graphical tool for testing Web application security, and was mainly developed to provide a comprehensive solution for web application security checks. In addition to this basic functionality, it has some extra features such as proxy server, scanner and intruder. The tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.

I have cross checked this site using my localhost with some ports and had then captured the response in Burp Suite. By this method, we can precisely analyse the response for each port.

image

Here, I have captured the response of the image URL and had cross checked it with my localhost using port 80 (HTTP), and I can see the response 200 OK (Normal response).

image

Once, it fetches the average result, you can also confirm this for other ports like 22 (SSH), 21 (FTP), 25 (SMTP), 8080 (HTTPs), and you can check the result in browser as well.

During Port analysis, if any required port is closed, it fetches the result like:

imageIt also shows the response of 200, but it displays some warning like (failed to open) or connection refused, etc. If it shows this case of errors, then you can confirm that the port is closed.

image

The above screenshot shows the different case of the port being opened and closed, but it shows the result without exposing the attackers IP on the server logs. Most significantly, it also reveals the backend service running on SSH.

Mitigations For XSPA Attack:

  • Unauthorized URLs access should be restricted.
  • Restrict connectivity to the internal ports.
  • Blacklist strange IP addresses.
  • Disable unwanted protocols and services.
  • You can block your ports using firewall for better security. 

Conclusion:

XSPA vulnerability attack is mainly used to perform port scanning of a target using another vulnerable website. An attacker can also perform a DOS attack, Code Execution, and other major attacks on other vulnerable websites.

How Briskinfosec Helps You?

Briskinfosec disables the unwanted protocols and services by scrutinized security testing. We help in implementing competent firewall and monitor the incoming logs. If our scrutinised security assessments prove them to be suspicious, the signals get jeopardised. If valid, then they’re allowed. Further, effective input validation of URL is also performed. We also deliver practical awareness notions of other such attacks.

Curious to read our case studies?

All our clients know how much successful we are with our security assessments. The main reason for us to be refereed as the most successful cybersecurity organisation compared with many, is the way we perform our security assessments. Check out our case studies to know the way we rise and shine, beyond the hurdles of hackers.   

Last but not the least:

Countless number of cyberattacks happen everyday, and almost everywhere. Moreover, catching sight of all those attacks and acknowledging them, with none being missed, is close to impossible. But, our Threatsploit Adversary report gets you the chance of having a glance at the most dreadful and recent cyberattacks that have happened worldwide, along with the companies affected, the type of loss faced, and much more in a single click. What else are you waiting for? Just check our report now!

You may be interested on: 

Web Application Security Website Security Cloud Application Security Information Security
A
Written by
Arulselvar Thomas Founder & Director
Cybersecurity expert at Briskinfosec Technology and Consulting, specializing in security assessments, compliance, and helping organizations build resilient security postures.

Related Articles

How to Create a Secure AWS IAM Audit User for Cloud Security Assessments
How to Create a Secure AWS IAM Audit User for Cloud Security Assessments
Jun 04, 2026 · 192
The Evolving Role of the CISO From Technical Expert to Strategic Advisor
The Evolving Role of the CISO From Technical Expert to Strategic Advisor
Aug 21, 2025 · 1,154
SaaS Security Addressing Cloud Misconfigurations and API Vulnerabilities
SaaS Security Addressing Cloud Misconfigurations and API Vulnerabilities
Jul 18, 2025 · 1,751
Read Next (Top Blog)
Getting Started with Frida

Ready to Strengthen Your Security?

Talk to our CREST-certified security experts today

WhatsApp Us
Chat instantly with our security team
AI Presales Bot
Get instant answers from LURA AI
Schedule Consultation
Book a free security consultation
Email Us
contact@briskinfosec.com
Link copied to clipboard!
Scope Your Security Program Chat on WhatsApp Ask LURA AI AI