Sunday 19 August 2012

Introduction To XSS

What is XSS?
Cross-site scripting holes are web-application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern web browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.
There are three types of XSS attacks: persistent (stored), non-persistent (reflected), and DOM-based.

Let's begin!

The vulnerable URL:

http://www.xxx.xx/forum/search.php?id=yyyy
http://www.xxx.xx/xxxx/xxxxxx.php?xx=&yy=yy

Here, yy is the parameter where you can put your script for execution,
or
http://www.xxx.xx/forum/?page_id=&5infor...user=admin

It can be any URL that submits your query to the server and reflects it back into the page so that the script executes...

First you need to register on the target website so that you get permission to post and place comments. If you can search and comment without registering, that is fine, but often you will need to register before you can place your scripts to record the cookies.
To the example:
The Hack:

The Url:
http://www.xxx.xx/forum/search.php?id=yyyy

Now we replace the 'yyyy' in the example with a script to check whether the page is vulnerable to XSS or not.

The script:

<script>alert("TEST")</script>

You can find a large list of scripts for checking whether websites are vulnerable to XSS here: http://leethacks.net/thread-1015.html

If you get a popup on your screen saying "Test" after submitting this,
then the website is vulnerable to XSS!
But we also need to look at the page source: if the source contains your script, you are on!
The code of your script might have been changed in the source (the quotes might have been filtered or altered), but that does not matter; we are going to use String.fromCharCode.
Congrats, now we can try to get admin cookies.

Now we use the String.fromCharCode option.

http://www.wocares.com/noquote.php

Select Javascript (String.fromCharCode, unescape)

Type in "TEST" and we get this:

Code:

String.fromCharCode(116,101,115,116)

Okay, now replace "TEST" in the script with this expression.
So our script should now look like this:

Code:

value=''/><script>alert(String.fromCharCode(116,101,115,116))</script>

Okay, after we have done this, go back to the first page (where you selected the posts of the admin) and replace the parameter value again, but now with our new script!
It should look like this:
Code:
http://www.xxx.xx/xxx/search.php?id='/%3Cscript%3Ealert(String.fromCharCode(116,101,115,116))%3C/script%3E

Congrats, you successfully hacked a website with XSS!
Now you can search for cookies !
Just use the same method as before !
