XSS is the most talked about vulnerability exploit... done by everyone, from newbies to experts. I came across this tutorial that I found educative as well as informative.

Cross Site Scripting, also known as XSS, is one of the most common web application vulnerabilities. It allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users.
In a typical XSS attack, a hacker injects his malicious JavaScript code into the legitimate website. When a user visits the specially crafted link, the malicious JavaScript executes in that user's browser. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even build worms.
Example: Let us imagine a hacker has discovered an XSS vulnerability in Gmail and injects a malicious script. When a user visits the site, the malicious script executes. The malicious code can be used to redirect users to a fake Gmail page or to capture cookies. Using these stolen cookies, he can log in to your account and change the password.
It will be easy to understand XSS if you have the following prerequisites:
- Strong knowledge of HTML and JavaScript (Reference).
- Basic knowledge of the HTTP client-server architecture (Reference).
- [optional] Basic knowledge of server-side programming (PHP, ASP, JSP).
XSS Attack:
Step 1: Finding a Vulnerable Website
Hackers use Google dorks to find vulnerable sites, for instance "?search=" or ".php?q=". 1337s target specific sites instead of using Google search. If you are going to test your own site, you have to check every page of your site for the vulnerability.
Step 2: Testing the Vulnerability:
First of all, we have to find an input field so that we can inject our own script, for example a search box, username, password or any other input field.
Test 1:
Once we have found the input field, let us put some string inside the field; for instance, let me input "BTS". The page will display the result.
Now right-click on the page and select View Source. Search for the string "BTS" which we entered in the input field. Note the location where the input is placed.
Test 2:
Now we are going to check whether the server sanitizes our input or not. In order to do this, let us input the <script> tag inside the input field.
View the source of the page. Find the location where the input was displayed in the previous test.
Thank god, our code is not being sanitized by the server and the code is just the same as what we entered in the field. If the server sanitized our input, the code would look like this: `&lt;script&gt;` (the angle brackets replaced by HTML entities, so the browser renders text instead of a tag). This indicates that the website is vulnerable to XSS attack and we can execute our own scripts.
Step 3: Exploiting the Vulnerability
Now we know the site is somewhat vulnerable to XSS attack. But let us make sure whether the site is completely vulnerable to this attack by injecting a full JavaScript snippet. For instance, let us input <script>alert('BTS')</script>.
Now it will display a pop-up box with the string 'BTS'. Finally, we have successfully exploited the XSS. By extending the code with a malicious script, a hacker can steal cookies, deface the site and more.
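To make the Test 2 check concrete from the site owner's side, here is an added example (not from the tutorial above) with a constructed search page that reflects the `q` parameter: one version reflects it verbatim, the other applies HTML output encoding where the value is inserted. The `classify_reflection` check reports whether the test string came back raw, encoded, or not at all; the page template, handler names and the `q` parameter are assumptions for this example.

```python
import html
from urllib.parse import parse_qs, quote

# Constructed page template: the search term is reflected into the HTML body,
# as in the tutorial's search-box example.
TEMPLATE = "<html><body><p>You searched for: {term}</p></body></html>"

def get_term(query_string: str) -> str:
    """Pull the 'q' parameter out of a URL query string (percent-decoded)."""
    return parse_qs(query_string).get("q", [""])[0]

def render_vulnerable(query_string: str) -> str:
    """Reflects the parameter verbatim: the 'not sanitized' outcome of Test 2."""
    return TEMPLATE.format(term=get_term(query_string))

def render_hardened(query_string: str) -> str:
    """Same page with HTML output encoding applied where the value is inserted,
    so angle brackets and quotes come back as entities and never form a tag."""
    return TEMPLATE.format(term=html.escape(get_term(query_string), quote=True))

def classify_reflection(page: str, probe: str) -> str:
    """The Test 2 check made explicit: how did the probe come back?
    'raw'     - exactly as submitted (the page reflects unencoded input)
    'encoded' - only as HTML entities (output encoding is in place)
    'absent'  - not reflected at all"""
    if probe in page:
        return "raw"
    if html.escape(probe, quote=True) in page or html.escape(probe, quote=False) in page:
        return "encoded"
    return "absent"

PROBE = "<script>alert('BTS')</script>"  # the test string used in the article

def run_checks(probe: str = PROBE) -> dict:
    """Submit the probe to both handlers and report how each reflects it."""
    qs = "q=" + quote(probe, safe="")
    return {
        "vulnerable": classify_reflection(render_vulnerable(qs), probe),
        "hardened": classify_reflection(render_hardened(qs), probe),
    }

if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: probe reflected {outcome}")
```

The hardened handler is the fix the tutorial's "sanitized" case describes: encode at the output point, so `<` and `>` reach the browser as `&lt;` and `&gt;`.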
Disclaimer: This article is for educative purpose only.