XSS Tutorial
hey Guys I'm just sharing a simple XSS Tutorial that i found
informative. I hope it'll be helpfull.
Cross-site scripting (XSS) is a type of website security vulnerability typically found in web applications that enables client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
Types of XSS vulnerabilities:
1.Persistent
2.Non persistent
In this post, i'll explain about the non persistent vulnerability. On Persistent i'll write later.
Non persistent XSS vulnerability is the Most Common Type of XSS Flaw. It is a Server Side Vulnerability
When a Web Server takes any input from a User and returns the same back to the User without any Validation, This leads to a Non-Persistent XSS Vulnerability.
Attacker can do with XSS:
XSS Attacks be used for the following:
•Compromising and Hijacking Accounts
•Stealing User Cookies
•Defacing Websites
•Phishing Attacks
•Posting Hostile Content
Instructions:
Step 1: First of all find the vulnerablitiy using google dorks. You can find dorks online.
Most commonly used dorks are as follow:
Code:
inurl:com_feedpostold/feedpost.php?url=
inurl:/products/orkutclone/scrapbook.php?id=
inurl:/products/classified/headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=Search&k=
Step 2: Choose a target website.
Step 3: Attack..
Find out the vulnerability:
1)Find a textbox in the site or something where you can submit text.
2)Type in the following and hit Submit Query button.
Code:
3)If webpage will give a popUp with message "Pakbugs.com".
Defacing:
There are few ways which can be used to deface a site when you find a XSS vulnerability.
1) Makes A Picture Pop-Up:
Code:
2) Replace The Content Of The Page By An Image:
Code:
3)Redirect To A Website
Code:
You've done all.. Hope i'll help you great
Cross-site scripting (XSS) is a type of website security vulnerability typically found in web applications that enables client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
Types of XSS vulnerabilities:
1.Persistent
2.Non persistent
In this post, i'll explain about the non persistent vulnerability. On Persistent i'll write later.
Non persistent XSS vulnerability is the Most Common Type of XSS Flaw. It is a Server Side Vulnerability
When a Web Server takes any input from a User and returns the same back to the User without any Validation, This leads to a Non-Persistent XSS Vulnerability.
Attacker can do with XSS:
XSS Attacks be used for the following:
•Compromising and Hijacking Accounts
•Stealing User Cookies
•Defacing Websites
•Phishing Attacks
•Posting Hostile Content
Instructions:
Step 1: First of all find the vulnerablitiy using google dorks. You can find dorks online.
Most commonly used dorks are as follow:
Code:
inurl:com_feedpostold/feedpost.php?url=
inurl:/products/orkutclone/scrapbook.php?id=
inurl:/products/classified/headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=Search&k=
Step 2: Choose a target website.
Step 3: Attack..
Find out the vulnerability:
1)Find a textbox in the site or something where you can submit text.
2)Type in the following and hit Submit Query button.
Code:
3)If webpage will give a popUp with message "Pakbugs.com".
Defacing:
There are few ways which can be used to deface a site when you find a XSS vulnerability.
1) Makes A Picture Pop-Up:
Code:
2) Replace The Content Of The Page By An Image:
Code:
3)Redirect To A Website
Code:
You've done all.. Hope i'll help you great
0 komentar:
Posting Komentar