by Jerrrry 1029 days ago
I miss these kinda posts, so rare now.

I know XSS is dying due to CORS and DLL injection is mooted by ASLR, and that APIs are usually authenticated and authorized, but damn...

I wish there was a more collective place to showcase modern exploits, they just hit nice in the feelies.

4 comments

CORS doesn't prevent XSS and isn't designed to.
>I know XSS is dying due to CORS

CORS isn't related to XSS. CORS actually isn't a security protection at all. It's a way for web apps to explicitly disable standard protections that browsers apply to enforce same origin policy.

You might be thinking of Content Security Policy (CSP).[0] That's the most effective protection I'm aware of for XSS, but it's not very widely used because so few JavaScript libraries are compatible with it.

[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
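As an added illustration of the point above (example code written for this page, not from any commenter): CORS is a server-side opt-out from the same-origin policy, so the only way to get it "wrong" is to opt out too broadly. The two header builders below show the reflecting misconfiguration beside an allowlisted one, and a small simulation of the browser's read decision. The origins, allowlist and headers are constructed for the example; nothing here influences what script runs on a page, which is the XSS question.

```javascript
// Added example, not code from the thread. Shows how CORS headers relax SOP
// and why reflecting the Origin header with credentials is the classic bug.
// ALLOWED_ORIGINS is a constructed allowlist.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Weak handler: reflects whatever Origin the browser sent and allows credentials.
// Any site can now read authenticated responses via fetch(url, {credentials: "include"}).
function corsHeadersReflecting(origin) {
  const headers = {};
  if (origin) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Hardened handler: only allowlisted origins get the opt-out. Everyone else gets
// no CORS headers at all, so the browser's default same-origin rule stays in force.
function corsHeadersAllowlisted(origin) {
  const headers = {};
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
    headers["Vary"] = "Origin"; // shared caches must key on Origin
  }
  return headers;
}

// Simulates the browser's decision: may script running on pageOrigin read a
// response carrying these headers? Without any ACAO header the answer is no;
// that default is the same-origin policy, and CORS only ever widens it.
function browserAllowsRead(pageOrigin, headers, credentialed) {
  const acao = headers["Access-Control-Allow-Origin"];
  if (!acao) return false;
  if (acao === "*") return !credentialed; // wildcard is never honoured with credentials
  if (acao !== pageOrigin) return false;
  if (credentialed && headers["Access-Control-Allow-Credentials"] !== "true") return false;
  return true;
}

if (typeof require !== "undefined" && require.main === module) {
  const attacker = "https://evil.example";
  console.log("reflecting, attacker can read:",
    browserAllowsRead(attacker, corsHeadersReflecting(attacker), true));
  console.log("allowlisted, attacker can read:",
    browserAllowsRead(attacker, corsHeadersAllowlisted(attacker), true));
}
```

Running it prints `true` for the reflecting handler and `false` for the allowlisted one. The `Vary: Origin` header matters in practice: without it a cache can serve one origin's CORS response to another.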

Yeah, I meant CSP.

>so few JavaScript libraries are compatible with it.

Is this because of the 'eval' function specifically, or are there other reasons?

Yeah, eval is the main culprit, but there's also Function, setTimeout, setInterval and friends.[0]

The other gotcha is that with a secure CSP policy, you can no longer do things like <button onclick="handleClick"> because that's inline JS, so that's kind of a bummer.

[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...
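To make the two categories above concrete, here is an added lint (written for this page, not code from the thread or from MDN) that parses a Content-Security-Policy header and reports which constructs in a page and its scripts the policy would block: the eval family when `'unsafe-eval'` is absent, and inline handlers, inline `<script>` blocks and `javascript:` URLs when `'unsafe-inline'` is absent. The HTML, JS and policy strings are constructed samples; the matching is regex-based and heuristic rather than a real HTML or JS parser.

```javascript
// Added example, not from the thread. Lints constructed HTML/JS against a CSP
// header to show what a strict script-src blocks.

function parseCsp(header) {
  const directives = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    directives[name.toLowerCase()] = values;
  }
  return directives;
}

// script-src falls back to default-src; with neither, scripts are unrestricted.
function scriptSources(header) {
  const d = parseCsp(header);
  return d["script-src"] ?? d["default-src"] ?? null;
}

function scriptRestrictions(header) {
  const src = scriptSources(header);
  if (src === null) return { evalBlocked: false, inlineBlocked: false, nonces: new Set() };
  const nonces = new Set(src.filter(v => v.startsWith("'nonce-")).map(v => v.slice(7, -1)));
  const hashes = src.some(v => /^'sha(256|384|512)-/.test(v));
  return {
    evalBlocked: !src.includes("'unsafe-eval'"),
    // Any nonce or hash in the list makes browsers ignore 'unsafe-inline' (CSP2+).
    inlineBlocked: !src.includes("'unsafe-inline'") || nonces.size > 0 || hashes,
    nonces,
  };
}

// Inline constructs blocked without 'unsafe-inline'. A nonce only rescues <script>
// elements; event-handler attributes and javascript: URLs cannot carry one.
function findInlineScript(html, validNonces = new Set()) {
  const findings = [];
  for (const m of html.matchAll(/\son[a-z]+\s*=\s*["'][^"']*["']/gi))
    findings.push({ kind: "inline-handler", text: m[0].trim() });
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = m[1];
    if (/\bsrc\s*=/i.test(attrs)) continue;            // external: host allowlist applies instead
    const n = /\bnonce\s*=\s*["']([^"']*)["']/i.exec(attrs);
    if (n && validNonces.has(n[1])) continue;          // nonced inline script is allowed
    findings.push({ kind: "inline-script", text: m[0] });
  }
  for (const m of html.matchAll(/(?:href|src)\s*=\s*["']\s*javascript:[^"']*["']/gi))
    findings.push({ kind: "javascript-url", text: m[0] });
  return findings;
}

// String-to-code sinks blocked without 'unsafe-eval'. setTimeout/setInterval
// only count when handed a string; passing a function is fine under any CSP.
function findEvalSinks(js) {
  const findings = [];
  for (const m of js.matchAll(/\beval\s*\(/g)) findings.push({ kind: "eval", text: m[0] });
  for (const m of js.matchAll(/\bnew\s+Function\s*\(/g)) findings.push({ kind: "Function", text: m[0] });
  for (const m of js.matchAll(/\b(setTimeout|setInterval)\s*\(\s*["'`]/g))
    findings.push({ kind: `${m[1]}-string`, text: m[0] });
  return findings;
}

function auditUnderPolicy(header, html, js) {
  const r = scriptRestrictions(header);
  const blocked = [];
  if (r.inlineBlocked) blocked.push(...findInlineScript(html, r.nonces));
  if (r.evalBlocked) blocked.push(...findEvalSinks(js));
  return blocked;
}

// Constructed samples: the thread's onclick button plus the usual offenders.
const SAMPLE_HTML = `<button onclick="handleClick()">Go</button>
<script>init();</script>
<script src="/app.js" nonce="r4nd0m"></script>
<a href="javascript:void(0)">skip</a>`;
const SAMPLE_JS = `const dbl = new Function("a", "return a * 2");
setTimeout("tick()", 1000);
setTimeout(tick, 1000);
eval(userInput);`;

const STRICT_CSP = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'";
const LOOSE_CSP = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, csp] of [["strict", STRICT_CSP], ["loose", LOOSE_CSP]]) {
    console.log(name, auditUnderPolicy(csp, SAMPLE_HTML, SAMPLE_JS).map(f => f.kind));
  }
}
```

Under the strict policy all six constructs are flagged; under the loose one, none. The fixes are the same for each category: `addEventListener` instead of `onclick=`, a nonced or external `<script>` instead of an inline block, and a function rather than a string for `setTimeout`. Libraries that build code from strings internally are the ones that cannot be fixed from the outside, which is the compatibility problem mentioned above.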

I can sorta share this sentiment. Luckily (for us) tech seems to be moving in the direction of embedding Chromium everywhere which always leads to some fun exploits :)
ASLR doesn't stop DLL injection.
I think GP confused DLL injection with return to libc.

I see why; in return to libc, which is prevented by ASLR, you are injecting the control of flow into the middle of a DLL (that DLL is libc). The terminology is a little confusing.

Meant hooking functions statically or even dynamically with a minimal amount of code-golfed asm instructions inserted via buffer overflow, and repairing the stack to sneak by stack-smashing detection, but yeah, libc is implied in the Linux environment.