Cross-application scripting

Cross-application scripting

Cross-application scripting (CAS) is a vulnerability affecting desktop applications that don't check input in an exhaustive way. CAS allows an attacker to insert data that modifies the behaviour of a particular desktop application. This makes it possible to extract data from inside of the users' system. Attackers may gain the full privileges of the attacked application when exploiting CAS vulnerabilities; the attack is to some degree independent of the underlying operating system and hardware architecture.

Initially discovered by Emanuele Gentili and presented with two other researchers (Alessandro Scoscia and Emanuele Acri) that had participated in the study of the technique and its implications, it was presented for the first time during the Security Summit 2010 in Milan.

The format string attack is very similar in concept to this attack and CAS could be considered as a generalization of this attack method. Some aspects of this technique have been previously demonstrated in clickjacking techniques.

The concept behind cross-application scripting

Like web interfaces, modern frameworks for the realization of graphical applications (in particular GTK+ and Qt, the most important multi-platform frameworks) allow the use of tags inside their own widgets. If an attacker gains the possibility to inject tags he gains the ability to manipulate the appearance and behaviour of the application. Exactly the same phenomenon was seen with the use of cross-site scripting (XSS) in web pages, and this is why this kind of behavior has been named cross application scripting (CAS).

Typically desktop applications get a considerable amount of input and support a large number of features, certainly more than any web interface. This makes it harder for the developer to check whether all the input a program might get from untrusted sources is filtered correctly.

The concept of Cross-Application Request Forgery

If cross application scripting is the application equivalent for XSS in web applications, then cross-application request forgery (CARF) is the equivalent of cross-site request forgery (CSRF) in desktop applications.

In CARF the concept of “link” and “protocol” inherited from the web has been extended because it involves components of the graphical environment and, in some cases, of the operating system.

Exploiting vulnerabilities amendable to CSRF requires interaction from the user. This requirement isn't particularly limiting because the user can be easily led to execute certain actions if the graphical interface is altered the right way. In fact, many misleading changes in the look of applications can be obtained with the use of CAS: a new kind of “phishing”, whose dangerousness is amplified by a lack of tools to detect this kind of attack outside of websites or emails.

In contrast to XSS techniques, that can manipulate and later execute commands in the users' browser, with CAS it is possible to talk directly to the operating system, and not just its graphical interface.

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Cross-site scripting — (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client side script into Web pages viewed by other users. A cross site scripting vulnerability may be used by attackers to… …   Wikipedia

  • Cross-Site Scripting — (XSS) bezeichnet das Ausnutzen einer Computersicherheitslücke in Webanwendungen, indem Informationen aus einem Kontext, in dem sie nicht vertrauenswürdig sind, in einen anderen Kontext eingefügt werden, in dem sie als vertrauenswürdig eingestuft… …   Deutsch Wikipedia

  • Cross-Site-Scripting — (XSS; deutsch Seitenübergreifendes Scripting) bezeichnet das Ausnutzen einer Computersicherheitslücke in Webanwendungen, indem Informationen aus einem Kontext, in dem sie nicht vertrauenswürdig sind, in einen anderen Kontext eingefügt werden …   Deutsch Wikipedia

  • Cross Site Scripting — Le cross site scripting, abrégé XSS, est un type de faille de sécurité des sites Web, que l on trouve typiquement dans les applications Web qui peuvent être utilisées par un attaquant pour faire afficher des pages web contenant du code douteux.… …   Wikipédia en Français

  • Cross site scripting — Le cross site scripting, abrégé XSS, est un type de faille de sécurité des sites Web, que l on trouve typiquement dans les applications Web qui peuvent être utilisées par un attaquant pour faire afficher des pages web contenant du code douteux.… …   Wikipédia en Français

  • Cross-site scripting — Le cross site scripting, abrégé XSS, est un type de faille de sécurité des sites Web, que l on trouve typiquement dans les applications Web qui peuvent être utilisées par un attaquant pour provoquer un comportement du site Web différent de celui… …   Wikipédia en Français

  • Cross-site request forgery — Cross site request forgery, also known as a one click attack or session riding and abbreviated as CSRF (pronounced sea surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that… …   Wikipedia

  • Cross-platform — For a type of interchange between different lines in a metro system, see cross platform interchange. In computing, cross platform, or multi platform, is an attribute conferred to computer software or computing methods and concepts that are… …   Wikipedia

  • Cross-document messaging — HTML HTML and HTML5 Dynamic HTML XHTML XHTML Mobile Profile and C HTML Canvas element Character encodings Document Object Model Font family HTML editor HTML element HTML Frames HTML5 video HTML scrip …   Wikipedia

  • Application Level Firewall — Eine Web Application Firewall (WAF) ist eine Technologie, die Web Anwendungen vor Angriffen über das HTTP Protokoll schützen soll. Teilweise wird diese Technologie auch als Web Shield, Application Level Gateway (ALG) oder Application Level… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”