INTRODUCTION TO XSS ATTACKS ON WEB APPLICATION

Today's world runs on web applications, and because they are so useful to users, attackers keep devising new techniques for stealing users' data. Here is one of them. Take a look.

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

Here are a few examples of nefariousness that could be perpetrated via XSS in a website. A hacker could:

* Use the credibility of your site to run a phishing scheme
* Steal your users' passwords
* Hijack your users' sessions
* Try to launch an attack against the site administrator (you)
* Redirect your users to another site (gambling, porn, Google, affiliate link, whatever)
* Display inappropriate or mis-informative messages to your users
* Or anything else that could be done with client-side executable code

**BELOW CONTENT IS FOR EDUCATIONAL PURPOSE**

Now we need to understand a bit more about how XSS actually works before moving on. From the above article, you already know a bit of the theory behind XSS, so we'll get right to the code. Let's say a web page has a search function that uses this code:

Code:
<tr><td>Name</td><td><input type="text" name="advisor_name" value=""></td></tr>

We want to exploit this page using XSS. How do we do that? We know that we want to inject our own script into the value field (this field is tied to the search box we can enter text into). We could start by using a test script:

Code:
<script>alert("test")</script>

When we enter this into the search box and click search, nothing happens. Why? It's still inside the value quotes, which turn the entire script into plaintext. If you look at the page source now, you see that the above portion of code now looks like this:

Code:
<tr><td>Name</td><td><input type="text" name="advisor_name" value="<script>alert("test")</script>"></td></tr>

Note the quotes around our script. So what do we do? We need to end the value field before our script can actually be executed. So we tweak our test injection a bit:

Code:
"><script>alert("test")</script>

This should close the quotes and end the input tag so that our script is rendered as part of the page source instead of as plaintext. Now when we hit enter we get a nice pop-up box saying "test", showing that our script was executed. Keep in mind that you're not actually writing this data to the server (unless you're injecting it through a script that also modifies the page on the server's end, like a guestbook or comment script); you're just changing how the dynamic page behaves on your end. If you want someone else to see what you see when you use this injection, you need to send them the link with that injection already in the page. For example,
Code:
http://www.site.com/search.php?q="><script>alert("test")</script>
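To make the walkthrough concrete from the defender's side, here is an added example (not code from the original post) that renders the same search field two ways: reflecting the query raw, as the vulnerable page does, and with attribute-context output encoding. Python's html.parser stands in for the browser to show whether the reflected value stayed inside the attribute or became a `<script>` element. The template string and the two test inputs are constructed from the markup and payloads shown above.

```python
# Added example: the reflected search field from the walkthrough, rendered
# without and with output encoding, plus a parser-based breakout check.
import html
from html.parser import HTMLParser

# Constructed template mirroring the <input> in the post; {q} is where the
# server reflects the user's search string.
TEMPLATE = ('<tr><td>Name</td><td><input type="text" name="advisor_name" '
            'value="{q}"></td></tr>')


def render_vulnerable(q: str) -> str:
    """Reflects the raw query into the value attribute, as the page in the post does."""
    return TEMPLATE.format(q=q)


def render_hardened(q: str) -> str:
    """Attribute-context encoding: '"' becomes &quot; and '<' becomes &lt;, so the
    input can neither close the attribute nor open a new tag."""
    return TEMPLATE.format(q=html.escape(q, quote=True))


class _TagCollector(HTMLParser):
    """Records every start tag seen and the value attribute of the input element."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            # html.parser decodes entities, so this is the value a browser would hold
            self.input_value = dict(attrs).get("value")


def analyse(rendered: str) -> dict:
    """Parse the markup (html.parser is an approximation of a browser here) and
    report whether a <script> element appeared and what the input's value became."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    return {"script_tag": "script" in parser.tags, "input_value": parser.input_value}


if __name__ == "__main__":
    plain = '<script>alert("test")</script>'        # first test from the post: stays inside the quotes
    breakout = '"><script>alert("test")</script>'   # quote-closing version from the post
    for name, q in (("plain", plain), ("breakout", breakout)):
        print(name, "vulnerable:", analyse(render_vulnerable(q)))
        print(name, "hardened:  ", analyse(render_hardened(q)))
```

Running it shows the three outcomes the post describes: the plain payload reflected raw produces no script element, the `">` version reflected raw does, and the encoded version never does, while the input's value attribute still holds exactly what the user typed. The fix is the encoding step, not filtering the word "script".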

Of course, if you don't want the recipient to see the injection, you'll need to hex (percent-encode) the query. You can do that here:
Code:
http://centricle.com/tools/ascii-hex/
Hexing the query of this URL gives us
Code:
http://www.site.com/search.php?q=%22%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%74%65%73%74%22%29%3c%2f%73%63%72%69%70%74%3e

The above is a very simple case of finding an XSS injection vulnerability. Some HTML and JavaScript knowledge is definitely helpful for finding more complicated ones, but code like the above works often enough.
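The hex-encoded link above is what makes naive log searches miss the payload: grepping the access log for `<script` finds nothing because the server only sees the decoded form after it parses the query string. The following added example (not part of the original post) percent-decodes the query of each request line before looking for the attribute-closing `">` and `<script` markers. The log lines are constructed for the example, with a hypothetical path and addresses; the second line carries the exact encoded query from the post.

```python
# Added example: decode request-log query strings before inspecting them, so a
# hex-encoded reflected-XSS probe is seen the way the server sees it.
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (common log format, hypothetical host/path).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search.php?q=network+security HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /search.php?q=%22%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%74%65%73%74%22%29%3c%2f%73%63%72%69%70%74%3e HTTP/1.1" 200 640
203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /search.php?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/')
# Markers of leaving an attribute or opening a script element; the post's
# payload begins with "> and then a <script> tag.
SUSPICIOUS = re.compile(r'"\s*>|<\s*/?\s*script', re.IGNORECASE)


def decode_query_values(url_path: str) -> dict:
    """Parse the path's query string and percent-decode each value.
    parse_qs decodes once; the extra unquote pass also catches double-encoded
    input (%2522 -> %22 -> ")."""
    query = urlsplit(url_path).query
    params = parse_qs(query, keep_blank_values=True)
    return {k: [unquote(v) for v in vals] for k, vals in params.items()}


def flag_line(line: str):
    """Return (param, decoded_value) for the first suspicious query value, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    for param, values in decode_query_values(m.group("path")).items():
        for value in values:
            if SUSPICIOUS.search(value):
                return param, value
    return None


def scan_log(text: str) -> list:
    """Scan every line and return (line_number, param, decoded_value) for each hit."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        hit = flag_line(line)
        if hit:
            hits.append((number, *hit))
    return hits


if __name__ == "__main__":
    for number, param, value in scan_log(SAMPLE_LOG):
        print(f"line {number}: parameter {param!r} decodes to {value!r}")
```

The first line (an ordinary search) is not flagged; the encoded lines are, and the report shows the decoded payload so an analyst can see what the application was actually asked to reflect. Decoding before matching is the point; the particular markers are only a starting signature.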

Using XSS to Steal Cookies

OK, so now you know the page is vulnerable to XSS injection. Great. Now what? You want to make it do something useful, like steal cookies. Cookie stealing is when you insert a script into the page so that everyone that views the modified page inadvertently sends you their session cookie. By modifying your session cookie (see the above linked tutorial), you can impersonate any user who viewed the modified page. So how do you use XSS to steal cookies?

The easiest way is to use a three-step process consisting of the injected script, the cookie recorder, and the log file.

First you'll need to get an account on a server and create two files: log.txt and whateveryouwant.ph.
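The recorder described in this section only works because the injected script can read the session cookie through `document.cookie`. A cookie set with the HttpOnly attribute is withheld from page script, so the first thing to check on the defending side is whether the application's Set-Cookie headers carry it (together with Secure and SameSite). The following added example, not from the original post, audits Set-Cookie header values with Python's standard cookie parser; the cookie name and values are constructed.

```python
# Added example: audit Set-Cookie headers for the attributes that limit what a
# reflected script can do with a session cookie.
from http.cookies import SimpleCookie


def audit_set_cookie(header_value: str) -> dict:
    """Parse one Set-Cookie header value and list, per cookie, the protective
    attributes it is missing."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = {}
    for name, morsel in jar.items():
        missing = []
        if not morsel["httponly"]:
            missing.append("HttpOnly")   # without it document.cookie exposes the value
        if not morsel["secure"]:
            missing.append("Secure")     # without it the cookie travels over plain HTTP
        if not morsel["samesite"]:
            missing.append("SameSite")   # without it cross-site requests carry the cookie
        report[name] = missing
    return report


# Constructed headers: a PHP-style session cookie as it is often set by
# default, and the same cookie with the attributes added.
SAMPLE_HEADERS = [
    "PHPSESSID=constructed-session-id; Path=/",
    "PHPSESSID=constructed-session-id; Path=/; HttpOnly; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for name, missing in audit_set_cookie(header).items():
            print("  ", name, "missing:", ", ".join(missing) or "nothing")
```

HttpOnly does not make the XSS flaw go away; a script running in the page can still issue requests as the user. It does remove the session cookie as the thing that gets copied to the attacker's log, which is the whole point of the recorder this section describes, so it belongs alongside output encoding rather than instead of it.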

Hello readers, if you really enjoyed this article and think it's useful,
please share it and leave your valuable comments on this blog.
