#Learn365 Day-6: Cross-Site Leaks

Goldmine to Learn: https://t.co/TsqGRWxPq7

Cross-Site Leaks (XS-Leaks) are a less-explored class of security issue that usually arises from side-channel attacks. I found this an interesting but unusual vector.

(1/n)

#BugBountyTips #infosec #AppSec

(2/n)
XS-Leaks make use of the web's core principle of composability (sites can embed, link to and interact with each other) in order to infer and extract useful information.

XS-Leaks take advantage of small pieces of information that are exposed during interactions between websites.
(3/n)
Cross-Site Oracle

A cross-site oracle can be thought of as a querying mechanism. The piece of information used for this attack is binary and is called an oracle: it answers "Yes" or "No" (equivalently, True or False).
(4/n)
For example: does the user Harsh exist in the application? "Yes" means that the user is present in the application.
- An attacker has to form the queries cleverly in order to execute this attack successfully and obtain sensitive information.
(5/n)
Some of the Attacks using Cross-Site leaks are:

1. XS-Search: an attacker abuses a querying mechanism, such as a search function, to leak and obtain the user's information.

Remediation
- SameSite=Lax cookies
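As an added example (not code from the original thread), here is a minimal Node.js request filter that combines the SameSite=Lax remediation above with two further defences the thread does not spell out: a resource-isolation check on the browser-sent Fetch Metadata headers (Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest), which refuses cross-site requests to state-dependent endpoints before any Hit/Miss signal can be produced, and a Cross-Origin-Resource-Policy header on the response. The header names and cookie attributes are real browser features; the route prefixes, the cookie name and the `decide` helper are my assumptions.

```javascript
// Added example (not code from the original thread): a minimal Node.js request
// filter applying XS-Leaks defences to a hypothetical application.
//  1. Resource isolation via Fetch Metadata: cross-site requests to
//     state-dependent endpoints are rejected before any work is done, so a
//     cross-site oracle such as XS-Search gets no Hit/Miss signal.
//  2. SameSite=Lax session cookies, so cross-site subresource requests
//     (images, iframes, fetch) carry no credentials in the first place.
// The endpoint prefixes and the cookie name are assumptions for illustration.

const NAVIGATION_METHODS = new Set(["GET", "HEAD"]);
const ISOLATED_PREFIXES = ["/search", "/api/"]; // hypothetical state-dependent routes

// Returns true when the isolation policy must reject the request.
function isBlockedCrossSite(method, path, headers) {
  if (!ISOLATED_PREFIXES.some((p) => path.startsWith(p))) return false;
  const site = headers["sec-fetch-site"]; // same-origin | same-site | none | cross-site
  const mode = headers["sec-fetch-mode"]; // navigate | cors | no-cors | same-origin | websocket
  const dest = headers["sec-fetch-dest"]; // document | iframe | image | script | ...
  // Browsers without Fetch Metadata send no Sec-Fetch-Site; this policy fails
  // open for them (a stricter deployment can fail closed once legacy traffic is gone).
  if (site === undefined) return false;
  if (site === "same-origin" || site === "same-site" || site === "none") return false;
  // Cross-site: allow only top-level GET/HEAD navigations (a user following a
  // link); never framed documents, fetches, images, scripts or cross-site POSTs.
  const topLevelNav =
    mode === "navigate" &&
    NAVIGATION_METHODS.has(method) &&
    !["iframe", "frame", "object", "embed"].includes(dest);
  return !topLevelNav;
}

// Session cookie attributes: Lax keeps the cookie off cross-site subresource
// requests, which removes the authenticated state most XS-Leaks depend on.
function buildSessionCookie(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Decide the response for one request: 403 if blocked, otherwise 200 with
// Cross-Origin-Resource-Policy so the body cannot be loaded cross-origin as a
// subresource. Vary on Sec-Fetch-Site so shared caches keep the variants apart.
function decide(method, path, headers, sessionValue) {
  if (isBlockedCrossSite(method, path, headers)) {
    return { status: 403, headers: { Vary: "Sec-Fetch-Site" } };
  }
  return {
    status: 200,
    headers: {
      Vary: "Sec-Fetch-Site",
      "Cross-Origin-Resource-Policy": "same-origin",
      "Set-Cookie": buildSessionCookie("sid", sessionValue),
    },
  };
}
```

Plug `decide` in front of the real handler (Node's `http` module lower-cases incoming header names, which is why the lookups use lower case). The policy deliberately still allows top-level cross-site navigations, since blocking those would break ordinary links into the site; the cookie and CORP settings cover the remaining cases where the page is loaded as a subresource.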
(6/n)
Usual Exploitation Workflow:

1. Establish the timing baseline that distinguishes a Hit from a Miss.
2. Start querying the endpoint.
3. For example: `?search=h` produces a Hit, so append the next character to `h`, i.e. `?search=ha`; on a Miss, change the character instead, i.e. `?search=b`.
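The Hit/Miss walk above has a recognisable shape in server logs: one client keeps either extending a search query by one character or swapping its last character, from a cross-site context. As an added example that is not part of the original thread, the following Node.js detector scans constructed access-log lines for that pattern. The log format, the client addresses, the lookback window and the alert threshold are all assumptions for illustration.

```javascript
// Added example (not from the original thread): detect the XS-Search
// prefix-walk pattern in access logs. Sample lines are constructed; the
// format "<ip> <method> <path?query> <sec-fetch-site>" is an assumption.

// Constructed sample: one cross-site client walking a search prefix
// (hits extend the prefix, misses swap the last character), one normal user.
const SAMPLE_LOG = `
203.0.113.5 GET /search?q=h cross-site
203.0.113.5 GET /search?q=ha cross-site
203.0.113.5 GET /search?q=hb cross-site
203.0.113.5 GET /search?q=hc cross-site
203.0.113.5 GET /search?q=har cross-site
203.0.113.5 GET /search?q=hars cross-site
198.51.100.7 GET /search?q=invoice same-origin
198.51.100.7 GET /search?q=invoice+2023 same-origin
`.trim();

function parseLine(line) {
  const [ip, method, target, site] = line.trim().split(/\s+/);
  const url = new URL(target, "http://localhost"); // base needed for relative paths
  return { ip, method, path: url.pathname, q: url.searchParams.get("q"), site };
}

// Two queries look like one oracle step when the later one extends the
// earlier by exactly one character (after a Hit) or differs only in the last
// character (after a Miss).
function isProbeStep(prev, next) {
  if (prev === null || next === null) return false;
  if (next.length === prev.length + 1 && next.startsWith(prev)) return true;
  if (
    next.length === prev.length &&
    prev.length > 0 &&
    next !== prev &&
    next.slice(0, -1) === prev.slice(0, -1)
  ) return true;
  return false;
}

// Group cross-site search queries per client and count how many of them are
// a probe step relative to one of the last `lookback` queries (misses are
// followed by a retry from the last hit, so only comparing neighbours would
// miss part of the walk). Clients at or above `threshold` steps are flagged.
function findProbingClients(logText, threshold = 4, lookback = 5) {
  const byClient = new Map();
  for (const line of logText.split("\n")) {
    if (!line.trim()) continue;
    const e = parseLine(line);
    if (e.path !== "/search" || e.site !== "cross-site") continue;
    if (!byClient.has(e.ip)) byClient.set(e.ip, []);
    byClient.get(e.ip).push(e.q);
  }
  const flagged = [];
  for (const [ip, queries] of byClient) {
    let steps = 0;
    for (let i = 1; i < queries.length; i++) {
      const recent = queries.slice(Math.max(0, i - lookback), i);
      if (recent.some((prev) => isProbeStep(prev, queries[i]))) steps++;
    }
    if (steps >= threshold) {
      // The longest query is the prefix the attacker has confirmed so far.
      const longest = queries.reduce((a, b) => (b.length > a.length ? b : a), "");
      flagged.push({ ip, steps, longest });
    }
  }
  return flagged;
}

console.log(findProbingClients(SAMPLE_LOG));
```

On the sample above the detector flags 203.0.113.5 with five probe steps and `hars` as the confirmed prefix, while the same-origin user is never considered. In production the same logic would key on the Sec-Fetch-Site request header (or the Referer when that is absent) and on the authenticated session rather than the source address, since the probing requests carry the victim's cookies, not the attacker's.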
(7/n)
2. Error Events

Based on the Error Message returned by the application, it may be possible to enumerate sensitive information. This is similar to user enumeration techniques.

Reference: https://t.co/2iIVT0xei2
(8/n)
3. Frame Counting
The window.length property gives the number of frames in a window and is readable across origins, so it can reveal valuable information about a page's state to an attacker.

References: https://t.co/XjOZL3yiZF
(9/n)
4. Navigation Attacks
Reference: https://t.co/lS3LT80Foa

5. Cache Probing
- Works by detecting whether a web page was cached or not.
Ref: https://t.co/ejAdOHaIFG

6. ID Attribute
Ref: https://t.co/11lwLzE2DD
(10/n)

7. postMessage Broadcasts
a. Sharing sensitive messages with untrusted origins
b. Leaking information based on varying content or on the presence of a broadcast

8. Abusing Browser Features
- CORB (Cross-Origin Read Blocking)
- CORP (Cross-Origin Resource Policy)
(n/n)

9. Timing Attacks
- Clock-based
- Network timing
- Execution timing
- Hybrid timing
- Connection pool

# References
1. https://t.co/byryqh3bql
2. https://t.co/khunvHYDga
3. https://t.co/ssQ39okO55

I'll revisit this attack in the near future & will try to find.
