Please tell me how to remediate web vulnerability scan findings
Body
I am trying to get our site connected to the university's domain name server,
and they say they ran a check on it with the Acunetix vulnerability scanner. But
it came back with 1 High and 6 Medium findings, so they say they can't connect it..........
If anyone at an institution or school has passed a web vulnerability check, please explain.
Cross site scripting: 1
Severity --------------------- High
Reported by module --------- Scripting (XSS.script)
Description
Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Impact
Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user.
Furthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.
Recommendation
Apply context-dependent encoding and/or validation to user input rendered on a page
References
Cross-site Scripting (XSS) Attack - Acunetix (https://www.acunetix.com/websitesecurity/cross-site-scripting/)
Types of XSS - Acunetix (https://www.acunetix.com/websitesecurity/xss/)
Cross-site Scripting - OWASP (http://www.owasp.org/index.php/Cross_Site_Scripting)
XSS Filter Evasion Cheat Sheet (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet)
Excess XSS, a comprehensive tutorial on cross-site scripting (https://excess-xss.com/)
Cross site scripting (http://en.wikipedia.org/wiki/Cross-site_scripting)
Affected items
/bbs/board.php
Details
URL encoded GET input sca was set to 1'"()&%<acx><ScRiPt >WcfL(9336)</ScRiPt>
Request headers
GET /bbs/board.php?ajax_ck=1&bo_table=notice&page=2&sca=1'"()%26%25<acx><ScRiPt%20>WcfL(9336)</ScRiPt> HTTP/1.1
Referer: http://altobnc.com
Cookie: PHPSESSID=31063qv02pdko2jufl3e7vpbm7; 2a0d2363701f23f8a75028924a3af643=MTY4LjExNS43Ny45MA%3D%3D; e1192aefb64683cc97abb83c71057733=cHJvZmVzc29y; ck_font_resize_rmv_class=; ck_font_resize_add_class=
Host: altobnc.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Acunetix-Product: WVS/11.0 (Acunetix - WVSE)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
HTML form without CSRF protection: 4 total
/bbs/login.php: 1
/bbs/new.php: 1
/bbs/password_lost.php: 1
/bbs/register.php: 1
User credentials are sent in clear text: 2 total
/bbs/login.php: 1
/bbs/register_form.php: 1
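To make the report's Recommendation ("context-dependent encoding") concrete, here is an added example that is not code from the original post or from Gnuboard5. It shows the pattern behind the High finding on /bbs/board.php: a query parameter such as sca is written back into the page's HTML, and the fix is to encode it for the HTML context at the point of output. It also shows the minimal per-session token check that the four "HTML form without CSRF protection" findings call for. The function names (render_category_vulnerable, render_category_fixed, html_escape, csrf_token, csrf_field, csrf_check, expect) and the $session array standing in for $_SESSION are assumptions made for this example, not Gnuboard5 identifiers; the test input is the payload copied from the scan report above. The two "credentials sent in clear text" findings are fixed by serving login.php and register_form.php over HTTPS (redirecting plain HTTP), which is web-server configuration rather than application code.

```php
<?php
// Added example, not Gnuboard5 code. Names below are assumptions for
// illustration; the payload is the one from the Acunetix report.
declare(strict_types=1);

// --- XSS: vulnerable output versus encoded output ---------------------------

// Vulnerable: the raw query value is concatenated into HTML, so a value that
// contains <ScRiPt> becomes a real script element when the page is rendered.
function render_category_vulnerable(string $sca): string
{
    return '<input type="hidden" name="sca" value="' . $sca . '">';
}

// Encode for the HTML text/attribute context. ENT_QUOTES also encodes single
// quotes (so the value is safe in either quoting style) and ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of silently returning an empty string.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fixed: the same output, encoded at the moment it is written into HTML.
function render_category_fixed(string $sca): string
{
    return '<input type="hidden" name="sca" value="' . html_escape($sca) . '">';
}

// --- CSRF: one random token per session, verified on every state-changing POST

// $session stands in for $_SESSION (passed by reference so the token persists).
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random token
    }
    return $session['csrf_token'];
}

// Hidden field to embed in login.php, new.php, password_lost.php, register.php forms.
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="' . html_escape(csrf_token($session)) . '">';
}

// Call before processing the POST; reject when the session has no token,
// the form sent none, or they differ. hash_equals compares in constant time.
function csrf_check(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// --- Self-check using the scanner's payload (constructed input) -------------

function expect(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $what");
    }
}

$payload = '1\'"()&%<acx><ScRiPt >WcfL(9336)</ScRiPt>';

echo "vulnerable: " . render_category_vulnerable($payload) . "\n";
echo "fixed:      " . render_category_fixed($payload) . "\n";

// After encoding, no tag and no attribute-breaking quote survives in the output.
expect(strpos(render_category_vulnerable($payload), '<ScRiPt') !== false, 'vulnerable output keeps the tag');
expect(strpos(render_category_fixed($payload), '<ScRiPt') === false, 'fixed output has no tag');
expect(strpos(render_category_fixed($payload), '"()') === false, 'fixed output has no raw double quote');
expect(strpos(render_category_fixed($payload), '&lt;ScRiPt') !== false, 'tag was entity-encoded');

$session = [];
$field   = csrf_field($session);
$token   = $session['csrf_token'];

expect(csrf_check($session, ['csrf_token' => $token]) === true, 'matching token accepted');
expect(csrf_check($session, ['csrf_token' => 'forged']) === false, 'wrong token rejected');
expect(csrf_check($session, []) === false, 'missing token rejected');
expect(csrf_check([], ['csrf_token' => $token]) === false, 'no session token rejected');
echo "csrf checks ok\n";
```

The encoding must be applied wherever the value is written, not once at input, because the same sca value may later be placed in a URL, a JavaScript string or an SQL query, each of which needs its own encoding. For the CSRF token, check it on the POST handler of each listed form before any side effect (login, post creation, password reset, registration) and regenerate it when the session is renewed at login.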
Answers (5)
For that XSS.script thing, try sending the header
X-XSS-Protection: 1; mode=block
and see if that clears it.
Try updating to the latest version of Gnuboard5.
Is there a particular reason you have to use the university's name server?
Do you mean you want to use the domain?
Whoever or whatever is doing the vulnerability verification doesn't really need to ....
Don't worry about it and keep studying.
Yes, thank you.