The software imports require or include executable functionality (such as a library) from a source that is outside of the intended control sphere.
When including third-party functionality, such as a web widget, library, or another source of functionality, the software must effectively trust that functionality. Without sufficient protection mechanisms, the functionality could be malicious in nature (either by coming from an untrusted source, being spoofed, or being modified in transit from a trusted source). The functionality might also contain its own weaknesses, or grant access to additional functionality and state information that should be kept private to the base system, such as system state information, sensitive application data, or the DOM of a web application. This might lead to many different consequences depending on the included functionality, but some examples include injection of malware, information exposure by granting excessive privileges or permissions to the untrusted functionality, DOM-based XSS vulnerabilities, stealing user’s cookies.
PROBLEM LOCATION :
– Popular Sources (document.URL, document.documentURI, location.href, location.search, location.*, window.name , document.referrer )
– Popular Sinks ( HTML Modification sinks document.write (element).innerHTML HTML modification to behaviour change (element).src (in certain elements) Execution Related sinks eval etTimout / setInterval execScript )
- Use a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- Implement filtering mechanism that removes potentially dangerous characters.
- If “../” sequences are removed from the “…/…//” string in a sequential fashion, two instances of “../” would be removed from the original string, but the remaining characters would still form the “../” string.
GENERAL RESOURCES :
- Burp suite
- Xeno tix XSS