Wix.Com DOM Based XSS Vulnerability Put 86 Million Websites At Risk!

Are you running your website on the cloud-based web development platform Wix.com? If so, here is some bad news for you. Wix.com is vulnerable to a DOM-based XSS (Cross Site Scripting) attack, which allows hackers to take control of any website that uses the Wix.com platform. Wix.com is a popular website platform that offers its users drag-and-drop tools for designing websites, and 86 million websites use it. This critical security vulnerability was discovered by Matt Austin, a security researcher at Contrast Security.

What Is a DOM Based Cross Site Scripting Vulnerability?

Basically, Cross Site Scripting (XSS) is an attack in which an attacker injects malicious code into an input field of a website. It is of three types: (i) Persistent XSS, (ii) Non-Persistent XSS and (iii) DOM Based XSS. Both Persistent and Non-Persistent XSS attacks are less harmful than DOM Based XSS. To exploit a Persistent vulnerability, the attacker injects the malicious code into the HTTP/HTTPS response page of a website. It is a server-side vulnerability and is also called Stored XSS. A Non-Persistent XSS vulnerability is a client-side input validation vulnerability, and attackers can exploit it to perform phishing attacks.

A DOM (Document Object Model) Based XSS attack is quite different from both of the above types of XSS. The DOM, or Document Object Model, is the structural format used to represent documents in a browser. The DOM enables dynamic scripts such as JavaScript to reference components of the document such as a form field or a session cookie. The DOM is also used by the browser for security, for example to limit scripts on different domains from obtaining session cookies for other domains. A DOM-based XSS vulnerability may occur when active content, such as a JavaScript function, is modified by a specially crafted request such that a DOM element can be controlled by an attacker.

How Does a DOM Based XSS Attack Work?

The DOM-based scripting attack occurs entirely in the browser. It works by manipulating the internal model of the webpage within the browser, known as the DOM, which is why such attacks are referred to as DOM based attacks. These, again, allow the attacker to execute malicious code, but here code returned by the server is manipulated into executable JavaScript by the webpage.

Matt Austin Found This Vulnerability in Wix.com

According to Matt Austin, it is very easy to take control of a website that uses the cloud-based platform of Wix.com. Multiple DOM Based XSS security flaws are present in Wix.com. Attackers can hijack any website by using specially crafted JavaScript. Matt Austin reported two different attack scenarios to Wix.com.

First Attack Scenario

In the first attack scenario, Matt Austin showed that an attacker can manipulate a website owner into visiting a malicious URL that the attacker has loaded with specially crafted JavaScript. When the victim visits that malicious URL, the attacker gains access to the victim's browser session. The attacker can then completely hijack the website by gaining admin-level privileges.

Second Attack Scenario

In the second attack scenario, Austin explains that an attacker can inject malicious code into the DOM of a targeted website by luring a user to visit a Wix website. Attackers can use a malicious URL to do this. After that, attackers can modify the targeted Wix.com based website for a specific browser session. From here they can spread malicious code. The important action for an attacker in both scenarios is to host malicious JavaScript on a server. A DOM based attack on a Wix.com based website is possible only if the attacker links that malicious JavaScript within a URL.
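
The pattern described above, where a URL carries a link to externally hosted JavaScript that the page then loads, is shown here as an added example beside a hardened form. It is not Wix's code or the researcher's; the `scriptBase` parameter, the function names and the example.com hosts are assumptions made for illustration.

```javascript
// Added example: names and hosts below are hypothetical, not Wix's code.
const ALLOWED_ORIGIN = 'https://static.example.com';
const ALLOWED_PATH_PREFIX = '/app/';
const DEFAULT_SCRIPT = ALLOWED_ORIGIN + ALLOWED_PATH_PREFIX + 'main.js';

// Vulnerable pattern: the page trusts a query-string value as the base
// URL for a script it is about to load, so the URL chooses the code.
function unsafeScriptUrl(pageUrl) {
  const base = new URL(pageUrl).searchParams.get('scriptBase');
  return base ? base + 'main.js' : DEFAULT_SCRIPT;
}

// Hardened pattern: parse the value, compare the parsed origin and the
// normalized path against an allowlist, and otherwise use the default.
function safeScriptUrl(pageUrl) {
  const raw = new URL(pageUrl).searchParams.get('scriptBase');
  if (!raw) return DEFAULT_SCRIPT;
  let parsed;
  try {
    parsed = new URL(raw); // relative or scheme-less values throw here
  } catch {
    return DEFAULT_SCRIPT;
  }
  // Check the parsed origin, not a string prefix: "static.example.com@host"
  // and "static.example.com.host" both resolve to a different origin.
  if (parsed.origin !== ALLOWED_ORIGIN) return DEFAULT_SCRIPT;
  // URL parsing has already collapsed "../" segments in pathname.
  if (!parsed.pathname.startsWith(ALLOWED_PATH_PREFIX)) return DEFAULT_SCRIPT;
  const dir = parsed.pathname.endsWith('/') ? parsed.pathname : parsed.pathname + '/';
  return ALLOWED_ORIGIN + dir + 'main.js';
}

// Constructed sample page URLs, printed with the script each form would load.
const samples = [
  'https://site.example/',
  'https://site.example/?scriptBase=https://static.example.com/app/v2/',
  'https://site.example/?scriptBase=https://attacker.example/',
  'https://site.example/?scriptBase=https://static.example.com@attacker.example/app/',
  'https://site.example/?scriptBase=https://static.example.com/app/../evil/',
];
for (const u of samples) {
  console.log(u, '\n  unsafe:', unsafeScriptUrl(u), '\n  safe:  ', safeScriptUrl(u));
}
```

A Content-Security-Policy `script-src` directive that lists only the trusted origin backs up this check in the browser.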


Matt Austin has also discovered security vulnerabilities in Facebook, Spotify and Yahoo. He said that he had been reporting these security issues to Wix.com since the second week of October 2016, but Wix.com took no action on his reports. This Thursday, however, he got a reply from Wix.com in which they wrote "security issues have been fixed from our end". Austin said that the vulnerability was very easy to fix: only a few lines of code needed to be deleted.

Source: securityaffairs.co
