Tuesday, November 8, 2011

Directory traversal using ROBOTS.txt

Hi friends, first of all let me tell you what directory traversal is.
Directory traversal lets you change which directory you are located in by editing the path in the URL bar. On an insecurely coded site this lets you access pages you normally can't reach.
Now, what is robots.txt?

"Web site owners use the /robots.txt file to give instructions about their site to web robots; this is called The Robots Exclusion Protocol."
It works like this: a robot wants to visit a web site URL, say http://www.example.com/welcome.html. Before it does so, it first checks for http://www.example.com/robots.txt, and finds:

User-agent: *
Disallow: /

The "User-agent: *" means this section applies to all robots. The "Disallow: /" tells the robot that it should not visit any pages on the site.
==>Now the next step is finding disallowed pages

This is quite simple. Go to the main page and type in:

http://www.[hostname].ext/robots.txt

In this text file, you will see something that looks like this:

User-agent: *
Allow: /searchhistory/
Disallow: /news?output=xhtml&
Allow: /news?output=xhtml
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs

>>User-Agent can also be something other than *, which means all robots. It can name a particular web browser or robot; the rules in that section would then block that user agent only.
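As an added example (not part of the original post), the following Python uses the standard library's robots.txt parser on the listing above, extended with a User-agent section for a hypothetical robot named ExampleBot, to show how Allow and Disallow rules are evaluated for different user agents and why the first matching rule wins. The disallowed_paths helper lists the published Disallow entries: since robots.txt only asks crawlers to stay away, a site owner should treat that list as a review checklist of paths that need real access control.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample: the robots.txt listing from the post, plus a section
# for a hypothetical named robot to show how User-agent matching works.
SAMPLE_ROBOTS_TXT = """\
User-agent: *
Allow: /searchhistory/
Disallow: /news?output=xhtml&
Allow: /news?output=xhtml
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs

User-agent: ExampleBot
Disallow: /
"""


def load_rules(text: str) -> RobotFileParser:
    """Parse already-fetched robots.txt text into a rule set."""
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return rp


def can_fetch(text: str, user_agent: str, path: str) -> bool:
    """Would a robot identifying as user_agent be permitted to fetch path?

    The stdlib parser applies the first matching rule in the section that
    covers the agent, so the order of Allow/Disallow lines matters:
    /searchhistory/ stays allowed even though /search is disallowed.
    A named section (ExampleBot) takes precedence over the * section.
    """
    return load_rules(text).can_fetch(user_agent, path)


def disallowed_paths(text: str) -> list:
    """List every path published on a Disallow: line, in file order.

    robots.txt is advisory: a Disallow line asks polite crawlers to stay
    away, it does not restrict access. Each such line is a path the site
    operator has chosen to publish, so anything sensitive behind it must
    be protected by real access control, not by absence from search results.
    """
    paths = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths
```

Run it with a different user agent string to see the named section take effect: "Mozilla/5.0" falls through to the * rules, "ExampleBot" is refused everything.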

Now our last step is to access pages. We can traverse the directories which are allowed, but what about those which are disallowed? Here is a trick that may help you get into a restricted directory:

Type in a directory that comes after a Disallow: line.

Chances are, you will get denied.

To get access you could see if you can modify your cookie, but that's not what I'm talking about.

Now type in the same directory as before, but add /Anyrandomletters&symbols

It should look like this:

[host]/disalloweddirectory/Anyrandomletters&symbols

This will give you an error saying not found. Good.

Now for the directory traversal part:

[host]/disalloweddirectory/anyrandomletters&symbols/../

You should have noticed the /../ at the end. That is the directory traversal part.

What this does is send you back one directory, and if the website is insecure, you get access to the disallowed area.

This doesn't work on most popular sites, but it does work on privately owned sites which are not properly coded.
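As an added defender-side example (not code from this post), here is a Python sketch of why the trailing /../ matters. A check done on the path exactly as typed does not recognise /disalloweddirectory/anyrandomletters&symbols/../ as the restricted directory, while a check on the canonical path (percent-decoded, with . and .. segments collapsed, the way the server or filesystem will resolve it) does. The directory name in RESTRICTED_DIRS is an assumption taken from the post's placeholder.

```python
import posixpath
from urllib.parse import unquote

# Constructed: a directory the site operator wants restricted, the kind of
# path that also ends up on a Disallow: line. The name is the post's placeholder.
RESTRICTED_DIRS = ("/disalloweddirectory",)


def canonical_path(raw_path: str) -> str:
    """Decode percent-encoding and collapse '.' and '..' segments.

    '/dir/junk/../' becomes '/dir/', '/a/%2e%2e/b' becomes '/b', and
    '..' above the root is dropped ('/../x' -> '/x'), matching how the
    path is resolved on disk.
    """
    path = unquote(raw_path) or "/"
    norm = posixpath.normpath(path)
    if not norm.startswith("/"):
        norm = "/" + norm
    if path.endswith("/") and norm != "/":
        norm += "/"  # keep directory requests distinct from file requests
    return norm


def naive_is_restricted(raw_path: str) -> bool:
    """Exact match on the path as typed: the insecure check.

    It recognises '/disalloweddirectory' and '/disalloweddirectory/',
    but '/disalloweddirectory/anyrandomletters&symbols/../' is neither,
    even though it resolves to the same directory.
    """
    return raw_path.rstrip("/") in RESTRICTED_DIRS


def is_restricted(raw_path: str) -> bool:
    """Authorization decision on the canonical path: the directory itself
    and everything below it, however the request spelled it."""
    norm = canonical_path(raw_path)
    return any(norm == d or norm.startswith(d + "/") for d in RESTRICTED_DIRS)
```

The design point is the order of operations: canonicalise first, then decide. Any rule applied to the raw request string can be sidestepped by a spelling that resolves to the same place.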
Thanks :-) Enjoy hacking :-)

Thursday, November 3, 2011

XSS Attack (Cross Site Scripting)

Hello friends, today I am sharing the most common vulnerability, which is generally found in most websites because of poor coding. First of all let me tell you what XSS is.
WHAT IS XSS: reference Wikipedia -
"Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution. The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone - i.e. a privilege escalation within the client (web browser) executing the script.
The vulnerability could be:

* a web browser bug which under some conditions allows content (scripts) in one zone to be executed with the permissions of a higher privileged zone.

* a web browser configuration error; unsafe sites listed in privileged zones.

* a cross-site scripting vulnerability within a privileged zone

A common attack scenario involves two steps. The first step is to use a Cross Zone Scripting vulnerability to get scripts executed within a privileged zone. To complete the attack, then perform malicious actions on the computer using insecure ActiveX components.

This type of vulnerability has been exploited to silently install various malware (such as spyware, remote control software, worms and such) onto computers browsing a malicious web page."

The second step is to code an XSS-vulnerable page, so here we go:

Open Notepad and copy the content from the links given below.
Save this page as index.html => http://pastebin.com/Y6pN08pv
Save this page as XSS.php => http://pastebin.com/L0E4bJKc
Open index.html in Firefox.
Enter a value and search, return to the search page, enter a value again and send the form.


The above was just a simple "non-persistent XSS". However, an XSS attack can lead to serious problems such as cookie stealing, privacy disclosure, defacing, etc. You can code a cookie grabber and then redirect your victim to that script. Persistent XSS allows an attacker to change the content of the site, i.e. its data, so the website will look normal as all the links are given by the owner of the site; hence victims will easily trust it and may follow the evil link :P

Now the next step is to secure against XSS:

Simply use the htmlspecialchars() function in PHP, or the alternative htmlentities() :-)
Code ==> http://pastebin.com/Cc4quJVB
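As an added example (not the PHP from the linked pastebin), here is the same fix in Python: html.escape(value, quote=True) converts the same five characters that htmlspecialchars() handles with ENT_QUOTES, and the two render functions are a constructed illustration of a reflected search page before and after escaping. The page markup and the sample query are assumptions, not the post's code.

```python
import html


def escape_for_html(value: str) -> str:
    """Python counterpart of PHP's htmlspecialchars($value, ENT_QUOTES):
    the characters & < > " ' become entities, so user input can sit in
    element text or inside a quoted attribute without being parsed as
    markup."""
    return html.escape(value, quote=True)


def render_results_unsafe(query: str) -> str:
    """Reflects the search term straight into the page: the pattern the
    post's vulnerable page demonstrates (constructed illustration)."""
    return (f"<p>Results for: {query}</p>\n"
            f'<input name="q" value="{query}">')


def render_results_safe(query: str) -> str:
    """Same page, with the term escaped once at the point of output.

    Escaping belongs at output time, for the context the value is written
    into; the same escaped string is safe both as element text and inside
    the double-quoted value attribute here.
    """
    safe = escape_for_html(query)
    return (f"<p>Results for: {safe}</p>\n"
            f'<input name="q" value="{safe}">')


def reflects_raw_markup(page: str, query: str) -> bool:
    """True if the query text reached the page source unmodified, which is
    the quick check for a reflected injection point: markup characters
    that survive verbatim will be interpreted by the browser."""
    return query in page


if __name__ == "__main__":
    # Constructed sample input containing a closing quote and a tag.
    sample = '"><b>x</b>'
    print(render_results_unsafe(sample))
    print(render_results_safe(sample))
```

Note that htmlentities() goes further and also encodes characters with named entities, but for stopping markup injection the five characters covered by htmlspecialchars() (with ENT_QUOTES) are the ones that matter.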

In the next post I'll write about how to bypass filters to get XSS on a site and will share many more tricks that can be played on an XSS-vulnerable site ;-)
Happy hacking at your own risk :)