Script-based XSS vulnerability detection

US 8,949,990 B1
Filed: 12/21/2007
Issued: 02/03/2015
Est. Priority Date: 12/21/2007
Status: Active Grant

First Claim

Patent Images

1. A method of detecting XSS (Cross-site Scripting) vulnerable URLs (Uniform Resource Locator), comprising:

incorporating a piece of test code designed to expose an XSS vulnerability into a dynamic URL;

loading the dynamic URL into a browser;

sending a first request to a web server in connection with said dynamic URL;

receiving a web page from said web server generated in response to said first request that includes script code based upon said test code;

loading said web page into said browser;

executing said script code of said web page by said browser;

sending a second request to said web server as a result of said browser executing said script code, said script code including said second request; and

reporting the dynamic URL as XSS vulnerable when it is determined that said browser executed said script code and it is determined that said browser sent said second request as a result of said browser executing said script code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Detection of dynamic URLs that are vulnerable to XSS attacks is described. First, a dynamic URL is crafted by incorporating a piece of test code designed to expose an instance of XSS vulnerabilities. Next, the crafted URL is loaded into a browser, which causes a web page to be generated that may include the piece of test code. If, upon loading the web page into the browser, the piece of test code is executed by the browser and the browser sends a request to a web server as a result, then the URL is reported as XSS vulnerable. Others, the URL is not vulnerable to this instance of XSS attack. The test may be repeated multiple times for different pieces of test code, each piece designed to expose a different instance of XSS vulnerabilities.

64 Citations

View as Search Results

26 Claims

1. A method of detecting XSS (Cross-site Scripting) vulnerable URLs (Uniform Resource Locator), comprising:
- incorporating a piece of test code designed to expose an XSS vulnerability into a dynamic URL;
  
  loading the dynamic URL into a browser;
  
  sending a first request to a web server in connection with said dynamic URL;
  
  receiving a web page from said web server generated in response to said first request that includes script code based upon said test code;
  
  loading said web page into said browser;
  
  executing said script code of said web page by said browser;
  
  sending a second request to said web server as a result of said browser executing said script code, said script code including said second request; and
  
  reporting the dynamic URL as XSS vulnerable when it is determined that said browser executed said script code and it is determined that said browser sent said second request as a result of said browser executing said script code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method, as recited in claim 1, further comprising:
    - assigning an ID (identification) to the piece of test code; and
      
      storing the dynamic URL along with the ID of the piece of test code in a database if the dynamic URL is XSS vulnerable.
  - 3. The method, as recited in claim 1, wherein the incorporating, the loading, and the reporting are performed on a client computer.
  - 4. The method, as recited in claim 3, further comprising:
    - monitoring user online activities at the client computer to detect the dynamic URL.
  - 5. The method, as recited in claim 1, wherein the incorporating, the loading, and the reporting are performed on said web server computer.
  - 6. The method, as recited in claim 5, further comprising:
    - receiving the dynamic URL from a client computer.
  - 7. The method, as recited in claim 1, further comprising:
    - designing a plurality of pieces of test code, each piece designed to expose a different XSS vulnerability in the dynamic URL.
  - 8. The method as recited in claim 1 further comprising:
    - sending said first request to a first domain at said web server; and
      
      sending said second request to a second domain at said web server.
  - 9. The method as recited in claim 1 wherein said test code, said script code and said second request all include a test code identifier that identifies an XSS vulnerability, and wherein said reporting reports said test code identifier to said web server.
  - 10. The method as recited in claim 1 wherein said test code includes a variation on the spelling of an HTML tag.

11. A method for detecting XSS (Cross-site Scripting) vulnerable URLs (Uniform Resource Locator), comprising:
- receiving, at a web server computer, a dynamic URL from a client computer over a network;
  
  incorporating a piece of test code designed to expose a XSS vulnerability into said dynamic URL to form a modified dynamic URL;
  
  loading the modified dynamic URL into a browser of said web server computer;
  
  receiving a first request at said web server computer in connection with the dynamic URL from the browser and generating a web page that includes script code in response to said first request;
  
  loading said web page into said browser;
  
  executing said script code of said web page in said browser;
  
  sending a second request to said web server computer from said browser as a result of said browser executing said script code, said script code including said second request; and
  
  reporting the dynamic URL as XSS vulnerable when it is determined that the piece of script code is executed by the browser and when it is determined that said browser sent said second request as a result of said browser executing said script code of said web page.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method, as recited in claim 11, further comprising:
    - detecting the dynamic URL from user online activities.
  - 13. The method, as recited in claim 11, further comprising:
    - distinguishing the dynamic URL from a static URL.
  - 14. The method, as recited in claim 11, further comprising:
    - storing the dynamic URL reported as XSS vulnerable by the browser.
  - 15. The method as recited in claim 11 further comprising:
    - receiving said dynamic URL at a first domain at said web server; and
      
      sending said request to a second domain at said web server.
  - 16. The method as recited in claim 11 wherein said test code, said script code and said second request all include a test code identifier that identifies an XSS vulnerability, and wherein said reporting reports said test code identifier to said web server.
  - 17. The method as recited in claim 11 wherein said test code includes a variation on the spelling of an HTML tag.

18. A method of detecting XSS (Cross-site Scripting) vulnerable URLs (Uniform Resource Locator), comprising:
- designing a plurality of pieces of test code, each piece exposing a different XSS vulnerability in a dynamic URL; and
  
  for each of the plurality pieces of test code,incorporating the piece of test code into the dynamic URL;
  
  loading the dynamic URL into a browser;
  
  receiving a web page in response to the dynamic URL that includes script code based upon said test code;
  
  loading the web page into the browser;
  
  executing said script code of said web page by said browser;
  
  sending a request to a web server as a result of said browser executing said script code, said script code including said request; and
  
  reporting the dynamic URL as XSS vulnerable when it is determined that said browser executed said script code and it is determined that said browser sent said request as a result of said browser executing said script code.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The method, as recited in claim 18, further comprising:
    - for each of the plurality pieces of test code, storing the dynamic URL along with a unique ID assigned to the piece of test code if the dynamic URL is reported as XSS vulnerable.
  - 20. The method, as recited in claim 18, wherein each of the plurality pieces of test code is designed to expose an XSS vulnerability with respect to a tag.
  - 21. The method, as recited in claim 20, wherein the tag is one selected from the group consisting of <
    - script>
      
      , <
      
      iframe>
      
      , and <
      
      img>
      
      .
  - 22. The method, as recited in claim 18, wherein said steps are performed on a client computer.
  - 23. The method, as recited in claim 18, wherein said steps are performed on said web server computer.
  - 24. The method as recited in claim 18 wherein said dynamic URL includes a first domain, said method further comprising:
    - sending said request to a second domain at said web server.
  - 25. The method as recited in claim 18 wherein said piece of test code, said script code and said request all include a test code identifier that identifies an XSS vulnerability, and wherein said reporting reports said test code identifier to said web server.
  - 26. The method as recited in claim 18 wherein said piece of test code includes a variation on the spelling of an HTML tag.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Hsieh, Sheng-Chi, Wang, Jui-Pang
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Korsak, Oleg

Application Number

US11/962,795
Time in Patent Office

2,601 Days
Field of Search

726/25, 726/22
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1433   Vulnerability analysis

Script-based XSS vulnerability detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Script-based XSS vulnerability detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links