Understanding Blind Vulnerabilities
There is something I wonder about. I am giving XSS as an example. We say it is divided into 3 types: blind, reflected and stored. There is no one who does not know reflected and stored. We say that the attacker is not informed about the vulnerability when it has "blind" at the beginning of its name, but if there is no information, how does the attacker understand that there is any vulnerability?
Thank you in advance.
Solution 1:[1]
In blind XSS the attacker typically doesn't know if his attack will succeed at first. You can think of it like setting up a trap. You don't know if it will succeed, or whether the victim has protection: you are blind.
Actually, blind XSS vulnerabilities are a variant of stored (persistent) XSS vulnerabilities. The attacker's input is saved by a web server and then executed as a malicious script in another application or in another part of the application.
For example, an attacker injects a malicious payload into a contact/feedback form and POSTs it (setting up a trap). Let's say the info sent is then served by another application or in another part of the app:
The admin opens his admin panel/dashboard to view feedback from his users. When the administrator of the application is reviewing the feedback entries, the attacker's payload will be loaded and executed.
The attacker was blind - he didn't know if the server side of that form sanitizes the input, or if the "admin panel" of the application has any protection against JS execution.
Examples of web applications and web pages where blind XSS attacks can occur:
- Contact/Feedback pages
- Log viewers
- Exception handlers
- Chat applications / forums
- Customer ticket applications
- Web Application Firewalls
- Any application that requires user moderation
In the case of blind XSS, the payload can be executed after a long period of time, when the administrator visits the vulnerable page. It can take hours, days, or even weeks until the payload is executed. Therefore, this type of vulnerability is much harder to detect compared to reflected XSS vulnerabilities, where the input is reflected immediately.
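The two-step flow the answer describes (input stored by a public form, rendered later in a separate admin view) as an added example that is not part of the original answer. The store, the renderers and the sample entries are all constructed here; the fix shown is contextual HTML escaping in the admin view, with a small check a reviewer can run over the rendered output.

```javascript
// Added example, not from the original post: a minimal feedback store and two
// versions of the "admin panel" renderer. All names are assumed.

// Escape the characters that change meaning in HTML text/attribute contexts.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Step 1: the public contact form stores whatever the user submitted.
// At this point nothing executes, so the submitter learns nothing (they are "blind").
const feedbackStore = [];
function submitFeedback(name, message) {
  feedbackStore.push({ name, message });
}

// Step 2a: vulnerable admin view, stored fields interpolated straight into HTML.
function renderAdminPanelVulnerable(entries) {
  return entries.map(e => `<li><b>${e.name}</b>: ${e.message}</li>`).join("\n");
}

// Step 2b: hardened admin view, every stored field escaped for the HTML text context.
function renderAdminPanelSafe(entries) {
  return entries
    .map(e => `<li><b>${escapeHtml(e.name)}</b>: ${escapeHtml(e.message)}</li>`)
    .join("\n");
}

// Review check: does any stored field survive rendering as a live script tag?
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample data: one ordinary entry and one carrying a script tag.
submitFeedback("alice", "Great service!");
submitFeedback("mallory", "<script>alert(1)</script>");
```

Running the check against both renderers shows the vulnerable view carries the stored tag through unchanged while the escaped view emits it as inert text.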
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Liadco |
