Cross-Script Audit

Was the XSS issue found in the admin web interface or in the web application you're load balancing? What were the specifics of the XSS vulnerability?

 

 

BIG-IP ASM is a web application firewall module available. It provides very comprehensive protection against XSS and many other application layer attacks.

 

 

Aaron

dupe

dupe

The xss was found on the site we were load balancing. It did not appear when we were on 9.01. We probably fixed the issue a couple of years ago. But in 10.0 it showed up again

It showes up in firefox, not in IE 8

I can't see how adding a standard HTTP VIP on LTM would fix a XSS vulnerability in a web app. By default, LTM doesn't change the content of HTTP requests or responses. So unless you had an iRule or ASM enabled previously (well, not ASM as it wasn't available in 9.0/9.1) I don't think load balancing an application with LTM could have fixed the problem.

 

 

You might consider using a web application firewall like ASM to protect the application against XSS and other attacks.

 

 

Aaron

We got flagged because a Firefox XSS error.

 

 

 

 

If the user types in firefox:

 

 

 

 

http://www.oursite.com/eShop/stores/InnisbrookA/rgs/Info/Info_Fundraising.cfm?">

 

 

 

 

in the source of that page they will get the script value:

 

 

 

 

name="form1" id="form1" action="/eShop/stores/oursiteA/rgs/Info/Info_Fundraising.cfm?%22%3E%3Cscript%3Ealert(123)%3C/script%3E" method="post" onsubmit="return _CF_checkform1(this)">

 

 

We see xss windows signatures but nothing for Firefox,

 

 

 

 

any ideas, thanks

You could try to handle this in an iRule, but there are simply too many ways that an attacker could send malicious requests to the application that it's not really feasible to try and handle them all in an iRule. I'd suggest you consider having the application fixed so that all user input is properly validated and sanitized, and implementing an application firewall.

 

 

Aaron