Friday, 24 September 2010
Let's take a look at some code as a reference:-
<!-- Begin XSS zone -->
Hello I am a twitter..I mean webgoat
<!-- End XSS zone -->
The solution to this problem is to randomize the zone name:-
<!-- Begin XSS zone 9cb3c2fd7ef861d762471c90de049603806e315eea3daf
<!-- End XSS zone 9cb3c2fd7ef861d762471c90de049603806e315eea3daf13e0b8f
Before the HTML is rendered, the browser looks for the XSS zone name; when it finds the first zone name it continues parsing the HTML until the matching ending zone is found. Any zones nested inside are ignored. The random zone name is generated on every request and is removed from the markup before rendering.
One final way to enable XSS zones would be to use the browser itself: similar to how Firebug and the IE developer toolbar let you select DIVs and other elements, an advanced user could select an area of a site that they decide requires an XSS zone. The browser would then monitor this section of the site and automatically add a random XSS zone to the markup.
Configuration of zones
Zones should always follow the format of <!-- Begin XSS zone RANDOMKEY CONFIGURATION_DATA --> and end with <!-- End XSS zone RANDOMKEY -->
The configuration should be simple and precise. The following commands should be supported.
* Domain list should be a whitelist only; no global wildcards allowed.
* Proxied should route all URLs through a proxy service that fetches the image data or follows the link without sending cookie information, with the fetched content pre-checked by a malware scanner.
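To make the zone mechanism and its configuration concrete, here is an added example (not code from the original post) that implements both halves of the idea above as a server-side helper plus a pre-render scan: a per-request random key wraps untrusted content, the scan matches begin and end markers by key so that anything an attacker injects inside the zone (including forged zone markers) stays inside it, the markers are stripped before render, and the CONFIGURATION_DATA is parsed as a domain whitelist (wildcards rejected) plus a proxied flag. The key length (64 hex characters), the `domains=a,b` / `proxied` token syntax and the function names are all assumptions; the post only names the two directives.

```python
import re
import secrets

ZONE_NAME = "XSS zone"
# Assumed key format: 256-bit random value as 64 hex characters.
BEGIN_RE = re.compile(r"<!-- Begin " + ZONE_NAME + r" ([0-9a-f]{64})((?: [^\s>]+)*) -->")


def new_key():
    """Fresh random zone key; must be generated on every request."""
    return secrets.token_hex(32)


def parse_config(data):
    """Parse CONFIGURATION_DATA (assumed syntax: 'domains=h1,h2' and 'proxied').

    The domain list is a whitelist only: any wildcard is rejected outright.
    """
    cfg = {"domains": [], "proxied": False}
    for token in data.split():
        if token == "proxied":
            cfg["proxied"] = True
        elif token.startswith("domains="):
            for host in token[len("domains="):].split(","):
                host = host.strip().lower()
                if not host or "*" in host:
                    raise ValueError("wildcard or empty domain in zone config: %r" % host)
                cfg["domains"].append(host)
        else:
            raise ValueError("unknown zone directive: %r" % token)
    return cfg


def open_zone(key, domains=(), proxied=False):
    parts = ["<!-- Begin", ZONE_NAME, key]
    if domains:
        parts.append("domains=" + ",".join(domains))
    if proxied:
        parts.append("proxied")
    return " ".join(parts) + " -->"


def close_zone(key):
    return "<!-- End %s %s -->" % (ZONE_NAME, key)


def wrap_untrusted(key, content, domains=(), proxied=False):
    """Emit untrusted content inside a zone. The content is deliberately not
    escaped here: the zone tells the browser to treat it as untrusted."""
    return open_zone(key, domains, proxied) + content + close_zone(key)


def extract_zones(html):
    """Textual pre-render scan, as the post describes it.

    Finds a begin marker, then scans forward for the end marker carrying the
    same key. Forged markers inside the zone carry a different key, so they
    are ignored and remain part of the zone body. Returns the list of
    (config, body) zones and the markup with the markers removed.
    """
    zones, rendered, pos = [], [], 0
    while True:
        m = BEGIN_RE.search(html, pos)
        if m is None:
            rendered.append(html[pos:])
            break
        key = m.group(1)
        end_marker = close_zone(key)
        end = html.find(end_marker, m.end())
        if end == -1:
            raise ValueError("unterminated XSS zone")
        body = html[m.end():end]
        zones.append((parse_config(m.group(2)), body))
        rendered.append(html[pos:m.start()])
        rendered.append(body)
        pos = end + len(end_marker)
    return zones, "".join(rendered)


if __name__ == "__main__":
    key = new_key()
    # Constructed untrusted input: a forged end marker with a guessed key,
    # followed by script the attacker hopes will land outside the zone.
    untrusted = ("Hello I am a twitter..I mean webgoat"
                 "<!-- End XSS zone " + "00" * 32 + " --><script>alert(1)</script>")
    page = "<p>" + wrap_untrusted(key, untrusted, domains=["example.com"], proxied=True) + "</p>"
    zones, rendered = extract_zones(page)
    print(zones[0][0])  # config for the one zone found
    print("forged marker stayed inside zone:", "<script>" in zones[0][1])
    print(rendered)
```

The scan is deliberately a plain text search rather than an HTML parse, matching the post's description of the browser looking for the zone name before rendering; the attacker's forged end marker does not match the real key, so the injected script never escapes the zone, and the real markers never reach the rendered markup.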
That was the basis of my idea; if you like it, implement it.