XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities

Title: XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Rodriguez, German; Torres, Jenny; Flores, Pamela; Benavides, Eduardo; Nuñez-Agurto, Daniel
Conference Name: 2019 3rd Cyber Security in Networking Conference (CSNet)
Date Published: oct
Keywords: attack vector, BeEF, Beef software, Computer crime, controlled attack, Cross Site Scripting, Cross-site Scripting Attacks, direct access, Educational institutions, Human Behavior, instant access, Internet, Java, JavaScript code, phishing attacks, pubcrawl, QR code, Resiliency, Scalability, universities, URL, XSS, XSStudent
Abstract: QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in APP Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack to the users of the university who through a flyer with a QR code and a fictional link accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attacks, so also, with our proposal, an attack executed in the universities using the Beef software would be totally blocked.
Citation Key: rodriguez_xsstudent_2019