Germán E. Rodríguez, Jenny G. Torres, Pamela Flores, Eduardo Benavides, Daniel Nuñez-Agurto
{"title":"XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities","authors":"Germán E. Rodríguez, Jenny G. Torres, Pamela Flores, Eduardo Benavides, Daniel Nuñez-Agurto","doi":"10.1109/CSNet47905.2019.9108965","DOIUrl":null,"url":null,"abstract":"QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in APP Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack to the users of the university who through a flyer with a QR code and a fictional link accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attacks, so also, with our proposal, an attack executed in the universities using the Beef software would be totally blocked.","PeriodicalId":350566,"journal":{"name":"2019 3rd Cyber Security in Networking Conference (CSNet)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 3rd Cyber Security in Networking Conference (CSNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSNet47905.2019.9108965","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in APP Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack to the users of the university who through a flyer with a QR code and a fictional link accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attacks, so also, with our proposal, an attack executed in the universities using the Beef software would be totally blocked.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
